Name
Abstract | ||
|---|---|---|
Software attacks often subvert the intended data-flow in a vulnerable program. For example, attackers exploit buffer overflows and format string vulnerabilities to write data to unintended locations. We present a simple technique that prevents these attacks by enforcing data-flow integrity. It computes a data-flow graph using static analysis, and it instruments the program to ensure that the flow of data at runtime is allowed by the data-flow graph. We describe an efficient implementation of data-flow integrity enforcement that uses static analysis to reduce instrumentation overhead. This implementation can be used in practice to detect a broad class of attacks and errors because it can be applied automatically to C and C++ programs without modifications, it does not have false positives, and it has low overhead. |
Year | Venue | Keywords |
|---|---|---|
2006 | OSDI | false positive,data flow,static analysis |
Field | DocType | Citations |
Computer science,Computer security,Static analysis,Exploit,Real-time computing,Software,Enforcement,scanf format string,Buffer overflow,Data flow diagram,False positive paradox,Distributed computing | Conference | 127 |
PageRank | References | Authors |
5.59 | 26 | 3 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Miguel Castro | 1 | 5088 | 328.69 |
| Manuel Costa | 2 | 1589 | 88.62 |
| Tim Harris | 3 | 5393 | 417.21 |