First International Conference on Availability, Reliability and Security (ARES'06) (2006)
Apr. 20, 2006 to Apr. 22, 2006
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ARES.2006.11
Zhiqiang Lin, Nanjing University, Nanjing, 210093, China
Bing Mao, Nanjing University, Nanjing, 210093, China
Li Xie, Nanjing University, Nanjing, 210093, China
Many security attacks are caused by software vulnerabilities such as buffer overflows. How to eliminate or mitigate these vulnerabilities, in particular in unstoppable software, is a great challenge for security researchers and practitioners. In this paper, we propose a practical framework to immunize software security vulnerabilities on the fly. We achieve the vulnerability immunization by using a security antibody, which can be implemented independently of the protected software and is used to defend against vulnerability exploitation attacks. We employ an in-core patching technique to attach the antibody quietly to the running process, and hence we need neither to re-compile nor to re-execute the protected software. The effectiveness of our framework depends on the effectiveness of the antibody, which is implemented by redirecting flaw functions into secure ones. As a proof of concept, we have built a prototype and applied it to protect software from buffer overflow attacks. Preliminary experimental results show that our framework is practical and efficient for the dynamic immunization of software security vulnerabilities.
B. Mao, Z. Lin and L. Xie, "A Practical Framework for Dynamically Immunizing Software Security Vulnerabilities," First International Conference on Availability, Reliability and Security (ARES'06), Vienna, Austria, 2006, pp. 348-357.