ActiveX is used to build reusable software components in Microsoft Windows. It is widely used by many Windows applications, such as Internet Explorer and Microsoft Office. As general-purpose components, ActiveX controls expose methods to applications, and these methods may be used in ways the ActiveX designer did not expect, leading to malicious activities. We call such misuse of ActiveX methods ActiveX API misuse vulnerabilities. In this paper, we present a solution that identifies and prevents API misuse of ActiveX controls in Internet Explorer. We construct models to represent the normal functionality of ActiveX methods, and identify ActiveX API misuse by identifying the methods that can reach dangerous (system) APIs. We then develop a technique for Internet Explorer to prevent the use of dangerous ActiveX methods. We evaluated our approach on six real-world ActiveX controls and were able to identify and prevent ActiveX API misuse in these controls. Our approach is effective in detecting ActiveX API misuse and has negligible overhead for preventing attacks.
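The identification step in the abstract (finding exposed methods that can reach dangerous system APIs) can be illustrated as call-graph reachability. The following is an added sketch, not the paper's code or model: the control `Updater`, its methods and helpers, the call graph, and the choice of which APIs count as dangerous are all constructed assumptions.

```python
from collections import deque

# Constructed call graph for a hypothetical control: caller -> callees.
# Method and helper names are invented; the Win32 API names are real.
CALL_GRAPH = {
    "Updater.CheckVersion": ["parse_manifest"],
    "Updater.InstallFrom": ["fetch_package", "run_installer"],
    "Updater.SaveLog": ["write_file"],
    "Updater.GetStatus": [],
    "parse_manifest": ["lstrcmpiW"],
    "fetch_package": ["URLDownloadToFileW"],
    "run_installer": ["build_cmdline", "CreateProcessW"],
    "build_cmdline": ["run_installer"],  # cycle, handled by the parent map
    "write_file": ["CreateFileW", "WriteFile"],
}
EXPOSED = [name for name in CALL_GRAPH if name.startswith("Updater.")]
# Assumed policy: system APIs treated as dangerous when reachable from script.
DANGEROUS = {"CreateProcessW", "URLDownloadToFileW", "CreateFileW", "WriteFile"}


def paths_to_dangerous(method, graph=CALL_GRAPH, sinks=DANGEROUS):
    """Breadth-first search from one exposed method: {sink: shortest call path}."""
    parent = {method: None}
    queue = deque([method])
    found = {}
    while queue:
        node = queue.popleft()
        if node in sinks:
            path, cur = [], node
            while cur is not None:  # walk parents back to the exposed method
                path.append(cur)
                cur = parent[cur]
            found[node] = path[::-1]
            continue  # a system API is a leaf of the model
        for callee in graph.get(node, []):
            if callee not in parent:
                parent[callee] = node
                queue.append(callee)
    return found


def build_blocklist(exposed=EXPOSED):
    """Exposed methods that reach a dangerous API, with the evidence paths."""
    report = {m: paths_to_dangerous(m) for m in exposed}
    return {m: hits for m, hits in report.items() if hits}


if __name__ == "__main__":
    for method, hits in build_blocklist().items():
        print(method, "->", sorted(hits))
```

The returned paths serve as evidence for each flagged method; methods with no path to a dangerous API (`Updater.CheckVersion`, `Updater.GetStatus` here) stay callable.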