Abstract | ||
---|---|---|
In this paper, we explore the problem of creating \emph{vulnerability signatures}. A vulnerability signature is based on a program vulnerability, and is not specific to any particular exploit. The advantage of vulnerability signatures is that their quality can be guaranteed. In particular, we create vulnerability signatures which are guaranteed to have zero false positives. We show how to automate signature creation for any vulnerability that can be detected by a runtime monitor. We provide a formal definition of a vulnerability signature, and investigate the computational complexity of creating and matching vulnerability signatures. We systematically explore the design space of vulnerability signatures. We also provide specific techniques for creating vulnerability signatures in a variety of language classes. In order to demonstrate our techniques, we have built a prototype system. Our experiments show that we can, using a single exploit, automatically generate a vulnerability signature as a regular expression, as a small program, or as a system of constraints. We demonstrate techniques for creating signatures of vulnerabilities which can be exploited via multiple program paths. Our results indicate that our approach is a viable option for signature generation, especially when guarantees are desired. |
Year | DOI | Venue |
---|---|---|
2008 | 10.1109/TDSC.2008.55 | IEEE Trans. Dependable Sec. Comput. |
Keywords | Field | DocType |
specific technique,matching vulnerability signature,signature creation,small program,automatic generation,multiple program path,prototype system,vulnerability-based signatures,program vulnerability,vulnerability signature,computational complexity,signature generation,vulnerability,assembly,security,turing complete language,space exploration,information security,turing machines,web server,semantics,computer viruses,digital signatures | Regular expression,Turing completeness,Computer science,Computer virus,Digital signature,Exploit,Intrusion detection system,Computational complexity theory,Vulnerability,Distributed computing | Journal |
Volume | Issue | ISSN |
5 | 4 | 1545-5971 |
Citations | PageRank | References |
13 | 1.05 | 52 |
Authors | ||
5 |
Name | Order | Citations | PageRank |
---|---|---|---|
David Brumley | 1 | 2940 | 142.75 |
James Newsome | 2 | 1691 | 92.07 |
Dawn Song | 3 | 7334 | 385.37 |
Hao Wang | 4 | 239 | 18.42 |
S. Jha | 5 | 7921 | 539.19 |