Detection and diagnosis of control interception

Authors:
Chang-Hsien Tsai;Shih-Kun Huang
Affiliations:
Department of Computer Science, National Chiao Tung University, Taiwan;Department of Computer Science, National Chiao Tung University, Taiwan
Venue:
ICICS'07 Proceedings of the 9th international conference on Information and communications security
Year:
2007

Citing 11
Cited 0

Reverse execution of programs

ACM SIGPLAN Notices
Anomaly Detection Using Call Stack Information

SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Randomized instruction set emulation to disrupt binary code injection attacks

Proceedings of the 10th ACM conference on Computer and communications security
PSE: explaining program failures via postmortem static analysis

Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
Run-time Detection of Heap-based Overflows

LISA '03 Proceedings of the 17th USENIX conference on System administration
Install-Time Vaccination of Windows Executables to Defend against Stack Smashing Attacks

IEEE Transactions on Dependable and Secure Computing
Flashback: a lightweight extension for rollback and deterministic replay for software debugging

ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
PointguardTM: protecting pointers from buffer overflow vulnerabilities

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Where's the FEEB? the effectiveness of instruction set randomization

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Protecting against unexpected system calls

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7

Quantified Score

Hi-index	0.00

Visualization

Abstract

Crash implies that a software is unstable and possibly vulnerable. Stack overflow is one of many causes of crashes. This kind of bug is often hard to debug because of the corrupted stack, so that debuggers cannot trace the control flow of the programs. A control-type crash caused by stack overflow is easy to be developed as a control interception attack. We develop a method to locate this attack and implement it as a plug-in of Valgrind [1]. This tool can be used in the honeypot to detect and diagnose zero-day exploits. We use it to detect several vulnerabilities and automatically locate the bugs.