Switchblade: Enforcing Dynamic Personalized System Call Models

Publikation: Sonstige VeröffentlichungSonstigesBeigetragenBegutachtung

Beitragende

Abstract

System call interposition is a common approach to restrict the power of applications and to detect code injections. It enforces a model that describes what system calls and/or what sequences thereof are permitted. However, there exist various issues like concurrency vulnerabilities and incom- plete models that restrict the power of system call interpo- sition approaches. We present a new system, SwitchBlade, that uses randomized and personalized fine-grained system call models to increase the probability of detecting code in- jections. However, using a fine-grain system call model, we cannot exclude the possibility that the model is violated during normal program executions. To cope with false posi- tives, SwitchBlade uses on-demand taint analysis to update a system call model during runtime.

Details

OriginalspracheEnglisch
Seitenumfang14
Band42
PublikationsstatusVeröffentlicht - 2008
Peer-Review-StatusJa
No renderer: customAssociatesEventsRenderPortal,dk.atira.pure.api.shared.model.researchoutput.OtherContribution

Schlagworte

Forschungsprofillinien der TU Dresden

DFG-Fachsystematik nach Fachkollegium