Automatic software instrumentation for the detection of non-control-data attacks

Jonathan Christofer Demay; Éric Totel; Frédéric Tronel

doi:10.1007/978-3-642-04342-0_19

Automatic software instrumentation for the detection of non-control-data attacks

Jonathan Christofer Demay, Éric Totel, Frédéric Tronel

Supelec

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

To detect intrusions resulting of an attack that corrupted data items used by a program to perform its computation, we propose an approach that automatically instruments programs to control a data-based behavior model during their execution. We build our model by discovering the sets of data the system calls depend on and which constraints these sets must verify at runtime. We have implemented our approach using a static analysis framework called Frama-C and we present the results of experimentations on a vulnerable version of OpenSSH.

Original language	English
Title of host publication	Recent Advances in Intrusion Detection - 12th International Symposium, RAID 2009, Proceedings
Publisher	Springer Verlag
Pages	348-349
Number of pages	2
ISBN (Print)	3642043410, 9783642043413
DOIs	https://doi.org/10.1007/978-3-642-04342-0_19
Publication status	Published - 1 Jan 2009
Externally published	Yes
Event	12th International Symposium on Recent Advances in Intrusion Detection, RAID 2009 - Saint-Malo, France Duration: 23 Sept 2009 → 25 Sept 2009

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	5758 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	12th International Symposium on Recent Advances in Intrusion Detection, RAID 2009
Country/Territory	France
City	Saint-Malo
Period	23/09/09 → 25/09/09

Access to Document

10.1007/978-3-642-04342-0_19

Cite this

Demay, J. C., Totel, É., & Tronel, F. (2009). Automatic software instrumentation for the detection of non-control-data attacks. In Recent Advances in Intrusion Detection - 12th International Symposium, RAID 2009, Proceedings (pp. 348-349). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5758 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-642-04342-0_19

Demay, Jonathan Christofer ; Totel, Éric ; Tronel, Frédéric. / Automatic software instrumentation for the detection of non-control-data attacks. Recent Advances in Intrusion Detection - 12th International Symposium, RAID 2009, Proceedings. Springer Verlag, 2009. pp. 348-349 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{911f644a091343b08f80d04e92e91eb4,

title = "Automatic software instrumentation for the detection of non-control-data attacks",

abstract = "To detect intrusions resulting of an attack that corrupted data items used by a program to perform its computation, we propose an approach that automatically instruments programs to control a data-based behavior model during their execution. We build our model by discovering the sets of data the system calls depend on and which constraints these sets must verify at runtime. We have implemented our approach using a static analysis framework called Frama-C and we present the results of experimentations on a vulnerable version of OpenSSH.",

author = "Demay, \{Jonathan Christofer\} and {\'E}ric Totel and Fr{\'e}d{\'e}ric Tronel",

year = "2009",

month = jan,

day = "1",

doi = "10.1007/978-3-642-04342-0\_19",

language = "English",

isbn = "3642043410",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "348--349",

booktitle = "Recent Advances in Intrusion Detection - 12th International Symposium, RAID 2009, Proceedings",

note = "12th International Symposium on Recent Advances in Intrusion Detection, RAID 2009 ; Conference date: 23-09-2009 Through 25-09-2009",

}

Demay, JC, Totel, É & Tronel, F 2009, Automatic software instrumentation for the detection of non-control-data attacks. in Recent Advances in Intrusion Detection - 12th International Symposium, RAID 2009, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 5758 LNCS, Springer Verlag, pp. 348-349, 12th International Symposium on Recent Advances in Intrusion Detection, RAID 2009, Saint-Malo, France, 23/09/09. https://doi.org/10.1007/978-3-642-04342-0_19

Automatic software instrumentation for the detection of non-control-data attacks. / Demay, Jonathan Christofer; Totel, Éric; Tronel, Frédéric.
Recent Advances in Intrusion Detection - 12th International Symposium, RAID 2009, Proceedings. Springer Verlag, 2009. p. 348-349 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5758 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Automatic software instrumentation for the detection of non-control-data attacks

AU - Demay, Jonathan Christofer

AU - Totel, Éric

AU - Tronel, Frédéric

PY - 2009/1/1

Y1 - 2009/1/1

N2 - To detect intrusions resulting of an attack that corrupted data items used by a program to perform its computation, we propose an approach that automatically instruments programs to control a data-based behavior model during their execution. We build our model by discovering the sets of data the system calls depend on and which constraints these sets must verify at runtime. We have implemented our approach using a static analysis framework called Frama-C and we present the results of experimentations on a vulnerable version of OpenSSH.

AB - To detect intrusions resulting of an attack that corrupted data items used by a program to perform its computation, we propose an approach that automatically instruments programs to control a data-based behavior model during their execution. We build our model by discovering the sets of data the system calls depend on and which constraints these sets must verify at runtime. We have implemented our approach using a static analysis framework called Frama-C and we present the results of experimentations on a vulnerable version of OpenSSH.

U2 - 10.1007/978-3-642-04342-0_19

DO - 10.1007/978-3-642-04342-0_19

M3 - Conference contribution

AN - SCOPUS:76649128992

SN - 3642043410

SN - 9783642043413

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 348

EP - 349

BT - Recent Advances in Intrusion Detection - 12th International Symposium, RAID 2009, Proceedings

PB - Springer Verlag

T2 - 12th International Symposium on Recent Advances in Intrusion Detection, RAID 2009

Y2 - 23 September 2009 through 25 September 2009

ER -

Demay JC, Totel É, Tronel F. Automatic software instrumentation for the detection of non-control-data attacks. In Recent Advances in Intrusion Detection - 12th International Symposium, RAID 2009, Proceedings. Springer Verlag. 2009. p. 348-349. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-04342-0_19

Automatic software instrumentation for the detection of non-control-data attacks

Abstract

Publication series

Conference

Access to Document

Fingerprint

Cite this