Proceedings of the 22nd annual ACM SIGPLAN conference on Object-oriented programming systems and applications
Efficient, context-sensitive detection of real-world semantic attacks
PLAS '10 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
DeltaPath: Precise and Scalable Calling Context Encoding
Proceedings of Annual IEEE/ACM International Symposium on Code Generation and Optimization
In the past few years, languages that run on virtual machines, like Java and C#, have become popular. These are platforms as well as languages: they are verifiable and garbage collected, and they include Just-In-Time compilers, large standard libraries, and runtime profilers. I call platforms with these features dynamic execution environments (DEEs). The runtime infrastructure of DEEs allows access to features of execution that were previously difficult to observe. My research consists of a series of case studies in which I build systems to classify behavior of a particular feature into normal and abnormal and then use that classification for either security or optimization purposes. These systems are anomaly detectors. I build anomaly detection systems for method invocations, permissions, and method invocation sequences. I call them dynamic sandboxes, and they are used to detect intrusions or system faults. I also show that an anomaly detector can be used to predict object lifetimes, resulting in an improved garbage collector.