DESERVE: A Framework for Detecting Program Security Vulnerability Exploitations

Amatul Mohosina, Mohammad Zulkernine
Published in: 2012 IEEE Sixth International Conference on Software Security and Reliability
Publication date: 2012-06-20
DOI: 10.1109/SERE.2012.22 (https://doi.org/10.1109/SERE.2012.22)
Citations: 7

Abstract

It is difficult to develop a program that is completely free from vulnerabilities. Despite the application of many approaches to secure programs, vulnerability exploitations occur in the real world in large numbers. Exploitations of vulnerabilities may corrupt memory spaces and program states, lead to denial of services and authorization bypassing, and leak sensitive information. Monitoring at the program code level can be a way of vulnerability exploitation detection at runtime. In this work, we propose a monitor embedding framework DESERVE (a framework for Detecting program Security Vulnerability Exploitations). DESERVE identifies exploitable statements from source code based on static backward slicing and embeds necessary code to detect attacks. During the deployment stage, the enhanced programs execute exploitable statements in a separate test environment. Unlike traditional monitors that extract and store program state information to compare with vulnerable free program states to detect exploitation, our approach does not need to save state information. Moreover, the slicing technique allows us to avoid the tracking of fine-grained level of information about runtime program environments such as input flow and memory state. We implement DESERVE for detecting buffer overflow, SQL injection, and cross-site scripting attacks. We evaluate our approach for real-world programs implemented in C and PHP languages. The results show that the approach can detect some of the well-known attacks. Moreover, the approach imposes negligible runtime overhead.