Title :
Security Vulnerabilities: From Analysis to Detection and Masking Techniques
Author :
Chen, Shuo ; Xu, Jun ; Kalbarczyk, Zbigniew ; Iyer, Ravishankar K.
Author_Institution :
Coordinated Sci. Lab., Univ. of Illinois, Urbana-Champaign, IL, USA
Abstract :
This paper presents a study that uses extensive analysis of real security vulnerabilities to drive the development of: 1) runtime techniques for detection/masking of security attacks and 2) formal source code analysis methods to enable identification and removal of potential security vulnerabilities. A finite-state machine (FSM) approach is employed to decompose programs into multiple elementary activities, making it possible to extract simple predicates to be ensured for security. The FSM analysis pinpoints common characteristics among a broad range of security vulnerabilities: predictable memory layout, unprotected control data, and pointer taintedness. We propose memory layout randomization and control data randomization to mask the vulnerabilities at runtime. We also propose a static analysis approach to detect potential security vulnerabilities using the notion of pointer taintedness.
Keywords :
finite state machines; security of data; data randomization; detection techniques; finite-state machine; formal source code analysis; masking techniques; memory layout randomization; pointer taintedness; runtime techniques; security attacks; security vulnerabilities; unprotected control data; Buffer overflow; Computer science; Computer security; Data analysis; Data mining; Data security; Databases; Gain measurement; Protection; Runtime; randomization; security attack; vulnerability
Journal_Title :
Proceedings of the IEEE
DOI :
10.1109/JPROC.2005.862473