Program transformation techniques for automatic runtime detection of software exploits
by Xu, Wei, Ph.D., STATE UNIVERSITY OF NEW YORK AT STONY BROOK, 2009, 157 pages; 3399776

Abstract:

The size and complexity of modern software pose a great challenge to securing it against cyber attacks. This has motivated research into automated techniques and tools for software vulnerability and exploit detection. This research falls into two basic categories: one targeted at software developers, the other at end users and system administrators. Because software vulnerabilities continue to increase despite the efforts taken by developers, in this dissertation we focus on the latter approach to prevent software vulnerabilities from being exploited in successful attacks. Our research significantly expands the classes of attacks that can be addressed using this approach.

In the first part of our research, we develop a technique that provides comprehensive protection against buffer overflows and other attacks that are based on the lack of memory safety in the C programming language. Unlike previous techniques that were targeted at thwarting the steps involved in typical memory error exploits, our approach gets to the root cause of these attacks, namely, memory errors, and prevents them.

In the second part of our research, we significantly extend the scope of our work to address a new generation of attacks that have emerged in the past several years. This class of attacks, which includes SQL injection, command injection, cross-site scripting, path traversal and format string attacks, arises due to input validation errors in applications. As a result of these errors, attackers can cause a vulnerable program to execute operations that can compromise its security. Our technique provides the first systematic solution to this class of attacks by tracking the origin of data within programs, and applying policies that can accurately distinguish benign uses of untrusted data from attacks.

Together, our techniques are applicable to vulnerabilities that account for over 75% of advisories from US-CERT, and about two-thirds of the vulnerabilities reported by CVE, the industry-standard vulnerability dictionary and the main source of US NIST's National Vulnerability Database (NVD).

Adviser: R. Sekar
School: STATE UNIVERSITY OF NEW YORK AT STONY BROOK
Source: DAI/B 71-03, p. , Mar 2010
Source Type: Dissertation
Subjects: Computer science
Publication Number: 3399776
  Use the link below to access a full citation record of this graduate work:
  http://gateway.proquest.com/openurl%3furl_ver=Z39.88-2004%26res_dat=xri:pqdiss%26rft_val_fmt=info:ofi/fmt:kev:mtx:dissertation%26rft_dat=xri:pqdiss:3399776