The internet worm program: an analysis
ACM SIGCOMM Computer Communication Review
ABCD: eliminating array bounds checks on demand
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Model-Carrying Code (MCC): a new paradigm for mobile-code security
Proceedings of the 2001 workshop on New security paradigms
An infrastructure for adaptive dynamic optimization
Proceedings of the international symposium on Code generation and optimization: feedback-directed and runtime optimization
RAD: A Compile-Time Solution to Buffer Overflow Attacks
ICDCS '01 Proceedings of the The 21st International Conference on Distributed Computing Systems
Protection against Indirect Overflow Attacks on Pointers
IWIA '04 Proceedings of the Second IEEE International Information Assurance Workshop (IWIA'04)
Online Impact Analysis via Dynamic Compilation Technology
ICSM '04 Proceedings of the 20th IEEE International Conference on Software Maintenance
A Comparison of Online and Dynamic Impact Analysis Algorithms
CSMR '05 Proceedings of the Ninth European Conference on Software Maintenance and Reengineering
An API for Runtime Code Patching
International Journal of High Performance Computing Applications
Efficient, transparent, and comprehensive runtime code manipulation
Efficient, transparent, and comprehensive runtime code manipulation
PointguardTM: protecting pointers from buffer overflow vulnerabilities
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Transparent run-time defense against stack smashing attacks
ATEC '00 Proceedings of the annual conference on USENIX Annual Technical Conference
Taxonomy and classification of automatic monitoring of program security vulnerability exploitations
Journal of Systems and Software
Mitigating program security vulnerabilities: Approaches and challenges
ACM Computing Surveys (CSUR)
Hi-index | 0.00 |
Program vulnerabilities leave organizations open to malicious attacks that can result in severe damage to company finances, resources, consumer privacy, and data. Engineering applications and systems so that vulnerabilities do not exist would be the best solution, but this strategy may be impractical due to fiscal constraints or inadequate knowledge. Therefore, a variety of program and system-based solutions have been proposed to deal with vulnerabilities in a manageable way. Unfortunately, proposed strategies are often poorly tested, because current testing techniques focus on the common case whereas vulnerabilities are often exploited by uncommon inputs.In this paper, we present the design of a testing framework that enables the efficient, automatic and systematic testing of security mechanisms designed to prevent program-based attacks. The key insight of the framework is that dynamic compilation technology allows us to insert and simulate attacks during program execution. Thus, a security mechanism can be tested using any program, not only those with known vulnerabilities.