View Full Document

Execution Transactions for Defending Against Software Failures



View the full content.
View Full Document
View Full Document

12 views

Unformatted text preview:

Noname manuscript No will be inserted by the editor Stelios Sidiroglou Angelos D Keromytis Execution Transactions for Defending Against Software Failures Use and Evaluation Abstract We examine the problem of containing buffer overflow attacks in a safe and efficient manner Briefly we automatically augment source code to dynamically catch stack and heap based buffer overflow and underflow attacks and recover from them by allowing the program to continue execution Our hypothesis is that we can treat each code function as a transaction that can be aborted when an attack is detected without affecting the application s ability to correctly execute Our approach allows us to enable selectively or disable components of this defensive mechanism in response to external events allowing for a direct tradeoff between security and performance We combine our defensive mechanism with a honeypot like configuration to detect previously unknown attacks automatically adapt an application s defensive posture at a negligible performance cost and help determine worm signatures Our scheme provides low impact on application performance the ability to respond to attacks without human intervention the capacity to handle previously unknown vulnerabilities and the preservation of service availability We implement a stand alone tool DYBOC which we use to instrument a number of vulnerable applications Our performance benchmarks indicate a slow down of 20 for Apache in full protection mode and 1 2 with selective protection We provide preliminary evidence towards the validity of our transactional hypothesis via two experiments first by applying our scheme to 17 vulnerable applications successfully fixing 14 of them second by examining the behavior of Apache when each of 154 potentially vulnerable routines are made to fail resulting in correct behavior in 139 cases 90 with similar results for sshd 89 and Bind 88 1 Introduction The prevalence of buffer overflow attacks as a preferred intrusion



Access the best Study Guides, Lecture Notes and Practice Exams

Loading Unlocking...
Login

Join to view Execution Transactions for Defending Against Software Failures and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Execution Transactions for Defending Against Software Failures and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?