Automatic Software Instrumentation for the Detection of Non-control-data Attacks

  • Jonathan-Christofer Demay
  • Éric Totel
  • Frédéric Tronel
Conference paper

DOI: 10.1007/978-3-642-04342-0_19

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5758)
Cite this paper as:
Demay JC., Totel É., Tronel F. (2009) Automatic Software Instrumentation for the Detection of Non-control-data Attacks. In: Kirda E., Jha S., Balzarotti D. (eds) Recent Advances in Intrusion Detection. RAID 2009. Lecture Notes in Computer Science, vol 5758. Springer, Berlin, Heidelberg

Abstract

To detect intrusions resulting of an attack that corrupted data items used by a program to perform its computation, we propose an approach that automatically instruments programs to control a data-based behavior model during their execution. We build our model by discovering the sets of data the system calls depend on and which constraints these sets must verify at runtime. We have implemented our approach using a static analysis framework called Frama-C and we present the results of experimentations on a vulnerable version of OpenSSH.

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Jonathan-Christofer Demay
    • 1
  • Éric Totel
    • 1
  • Frédéric Tronel
    • 1
  1. 1.SUPELEC, RennesFrance

Personalised recommendations