Abstract
To detect intrusions resulting of an attack that corrupted data items used by a program to perform its computation, we propose an approach that automatically instruments programs to control a data-based behavior model during their execution. We build our model by discovering the sets of data the system calls depend on and which constraints these sets must verify at runtime. We have implemented our approach using a static analysis framework called Frama-C and we present the results of experimentations on a vulnerable version of OpenSSH.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Chen, S., Xu, J., Sezer, E.C., Gauriar, P., Iyer, R.K.: Non-control-data Attacks are Realistic Threats. In: Usenix Security Symposium (2005)
Frama-C: Framework for Modular Analysis of C, http://frama-c.cea.fr/index.html
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Demay, JC., Totel, É., Tronel, F. (2009). Automatic Software Instrumentation for the Detection of Non-control-data Attacks. In: Kirda, E., Jha, S., Balzarotti, D. (eds) Recent Advances in Intrusion Detection. RAID 2009. Lecture Notes in Computer Science, vol 5758. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04342-0_19
Download citation
DOI: https://doi.org/10.1007/978-3-642-04342-0_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04341-3
Online ISBN: 978-3-642-04342-0
eBook Packages: Computer ScienceComputer Science (R0)