NDLI: PASAN : Automatic Patch and Signature Generation for Bu er-Over ow Attacks

Please wait, while we are loading the content...

PASAN : Automatic Patch and Signature Generation for Bu er-Over ow Attacks

Content Provider	Semantic Scholar
Copyright Year	2006
Abstract	Control-hijacking attacks exploit vulnerabilities in programs to take control of the victim applications and eventually their underlying machines. Although much work has been done on detection and prevention of control-hijacking attacks, most of them did not support adequate post-attack response which should include attack signature and patch generation. Ideally, after a control-hijacking attack is detected, the signature generation component should supply the front-end rewall with a ltering rule that could stop the detected attack and its variants from entering the premise, and the patch generation component should create a x that permanently eliminates the vulnerabilities that the detected attack exploits. This paper describes the design, implementation, and evaluation of a security-enhancing compiler PASAN that can instrument the source code of a C program so that it can detect a control-hijacking attack and automatically generate a signature and a software patch for the detected attack. The attack signatures that PASAN generates can capture polymorphic attacks because they contain regular expressions and length constraints. The automatically generated patches are similar to those created manually so that developers can examine and merge them with the original code base with minimal e orts. We have implemented the rst PASAN prototype as a GNU C compiler extension that aims at stack-based bu er over ow attacks but could be easily generalized to accommodate other control-hijacking attacks. Testing this prototype with seven network daemon programs with known vulnerabilities show that the automatically generated attack signatures can indeed stop the detected attacks and that the patches can successfully x the vulnerability. In addition, these patches are similar in their structure to those that programmers generate. The run-time performance overhead of application programs instrumented by PASAN is between 10% and 23%, except two programs, which do not have much internal processing.
File Format	PDF HTM / HTML
Alternate Webpage(s)	http://www.ecsl.cs.sunysb.edu/tr/TR213.pdf
Language	English
Access Restriction	Open
Content Type	Text
Resource Type	Article

Sl.	Authority	Responsibilities	Communication Details
1	Ministry of Education (GoI), Department of Higher Education	Sanctioning Authority	https://www.education.gov.in/ict-initiatives
2	Indian Institute of Technology Kharagpur	Host Institute of the Project: The host institute of the project is responsible for providing infrastructure support and hosting the project	https://www.iitkgp.ac.in
3	National Digital Library of India Office, Indian Institute of Technology Kharagpur	The administrative and infrastructural headquarters of the project	Dr. B. Sutradhar bsutra@ndl.gov.in
4	Project PI / Joint PI	Principal Investigator and Joint Principal Investigators of the project	Dr. B. Sutradhar bsutra@ndl.gov.in Prof. Saswat Chakrabarti will be added soon
5	Website/Portal (Helpdesk)	Queries regarding NDLI and its services	support@ndl.gov.in
6	Contents and Copyright Issues	Queries related to content curation and copyright issues	content@ndl.gov.in
7	National Digital Library of India Club (NDLI Club)	Queries related to NDLI Club formation, support, user awareness program, seminar/symposium, collaboration, social media, promotion, and outreach	clubsupport@ndl.gov.in
8	Digital Preservation Centre (DPC)	Assistance with digitizing and archiving copyright-free printed books	dpc@ndl.gov.in
9	IDR Setup or Support	Queries related to establishment and support of Institutional Digital Repository (IDR) and IDR workshops	idr@ndl.gov.in