
Efficient and Practical Control Flow Monitoring for Program Security

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 4435))

Abstract

Control-hijacking attacks are critical threats to software security, and control flow monitoring is an important method for mitigating them. In this paper we present a new method for program control flow monitoring. Based on static analysis of a program, we apply very simple instrumentation to the program's source code to encode its runtime function-level control flow traces, and we check the correctness of those traces in the OS kernel. Experiments show that this method has a tiny performance impact while remaining highly effective at detecting control-hijacking attacks. We also propose to handle non-standard control flow automatically by learning from the program's dynamic profiling data. Our method is likely to be enforceable in different environments because it does not depend closely on specific platform features, and the underlying techniques are readily available on many platforms.
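The mechanism sketched in the abstract, as an added example that is not the paper's code: a statically derived call graph supplies the allowed caller-to-callee edges, instrumentation at function entry and exit reports events to a monitor that keeps a shadow stack of function identifiers, and a learning mode stands in for the profiling step that admits edges the static analysis could not resolve (here an indirect call through a function pointer). The function identifiers, names, call graph and both traces are constructed for the demonstration. One deliberate difference from the paper: this checker runs in user space inside the monitored process, where an attacker who already controls the process could tamper with it; the paper places the check in the OS kernel precisely to keep it out of the attacker's reach.

```c
/* Added example, not the paper's implementation: function-level control-flow
 * monitoring done in user space. Function ids, names, the call graph and the
 * traces below are constructed for the demonstration. */
#include <stdio.h>
#include <string.h>

#define MAX_EDGES 64
#define MAX_DEPTH 128
enum fn_id { FN_MAIN = 0, FN_PARSE, FN_HANDLE, FN_LOG, FN_EXEC, FN_COUNT };
static const char *fn_name[FN_COUNT] = { "main", "parse", "handle", "log", "exec" };
enum ev_kind { EV_ENTER, EV_LEAVE };
struct event { enum ev_kind kind; enum fn_id fn; };
struct edge  { enum fn_id caller, callee; };

struct monitor {
    struct edge allowed[MAX_EDGES]; int n_allowed; /* allowed caller -> callee edges */
    int learning;                /* 1: admit and record unseen edges (profiling run) */
    int violations;              /* rejected events in the current replay */
    enum fn_id stack[MAX_DEPTH]; int depth;        /* shadow stack of active functions */
};

int edge_allowed(const struct monitor *m, enum fn_id caller, enum fn_id callee) {
    for (int i = 0; i < m->n_allowed; i++)
        if (m->allowed[i].caller == caller && m->allowed[i].callee == callee) return 1;
    return 0;
}

static void allow_edge(struct monitor *m, enum fn_id caller, enum fn_id callee) {
    if (m->n_allowed < MAX_EDGES && !edge_allowed(m, caller, callee))
        m->allowed[m->n_allowed++] = (struct edge){ caller, callee };
}

/* Load the static call graph. handle -> exec goes through a function pointer the
 * static analysis could not resolve, so it is deliberately absent and must be
 * supplied by a profiling run. */
void cfm_init(struct monitor *m, int learning) {
    memset(m, 0, sizeof *m);
    m->learning = learning;
    allow_edge(m, FN_MAIN, FN_PARSE);
    allow_edge(m, FN_PARSE, FN_HANDLE);
    allow_edge(m, FN_HANDLE, FN_LOG);
}

/* Entry hook: the caller comes from the shadow stack, not from the event, so a
 * hijacked function cannot misreport who called it. */
static void cfm_enter(struct monitor *m, enum fn_id callee) {
    enum fn_id caller = m->stack[m->depth - 1];
    if (!edge_allowed(m, caller, callee)) {
        if (m->learning) {
            allow_edge(m, caller, callee);
        } else {
            m->violations++;
            fprintf(stderr, "CFM: unexpected call %s -> %s\n", fn_name[caller], fn_name[callee]);
        }
    }
    if (m->depth < MAX_DEPTH) m->stack[m->depth++] = callee;
}

/* Exit hook: leaving a function other than the one on top of the shadow stack
 * means the return path was corrupted (e.g. a smashed return address). */
static void cfm_leave(struct monitor *m, enum fn_id fn) {
    if (m->depth <= 1 || m->stack[m->depth - 1] != fn) {
        m->violations++;
        fprintf(stderr, "CFM: unbalanced return from %s\n", fn_name[fn]);
        return;
    }
    m->depth--;
}

/* Replay one trace (starting inside main); return the number of violations. */
int cfm_replay(struct monitor *m, const struct event *trace, int n) {
    m->violations = 0;
    m->depth = 1;
    m->stack[0] = FN_MAIN;
    for (int i = 0; i < n; i++)
        if (trace[i].kind == EV_ENTER) cfm_enter(m, trace[i].fn);
        else                           cfm_leave(m, trace[i].fn);
    return m->violations;
}

/* Constructed traces: a benign run in which handle calls exec through the
 * unresolved pointer, and a run in which parse is redirected straight into exec. */
static const struct event profile_trace[] = {
    { EV_ENTER, FN_PARSE }, { EV_ENTER, FN_HANDLE }, { EV_ENTER, FN_EXEC }, { EV_LEAVE, FN_EXEC },
    { EV_ENTER, FN_LOG }, { EV_LEAVE, FN_LOG }, { EV_LEAVE, FN_HANDLE }, { EV_LEAVE, FN_PARSE },
};
static const struct event hijacked_trace[] = {
    { EV_ENTER, FN_PARSE }, { EV_ENTER, FN_EXEC }, { EV_LEAVE, FN_EXEC }, { EV_LEAVE, FN_PARSE },
};
static const int profile_len  = sizeof profile_trace  / sizeof profile_trace[0];
static const int hijacked_len = sizeof hijacked_trace / sizeof hijacked_trace[0];

int main(void) {
    struct monitor m;
    cfm_init(&m, 1);          /* profiling run: learns the handle -> exec edge */
    printf("profiling: %d violations\n", cfm_replay(&m, profile_trace, profile_len));
    m.learning = 0;           /* enforcement from here on */
    printf("benign:    %d violations\n", cfm_replay(&m, profile_trace, profile_len));
    printf("hijacked:  %d violations\n", cfm_replay(&m, hijacked_trace, hijacked_len));
    return 0;
}
```

Compile with any C99 compiler. The profiling run admits the handle -> exec edge, the benign enforcement run passes with no violations, and the hijacked trace, in which parse jumps straight into exec, is rejected. The exit hook additionally catches a return into a function other than the one on top of the shadow stack, which is how a smashed return address shows up at function granularity; the cost of the whole scheme is one table lookup per call and one comparison per return, which is the kind of overhead the abstract's "tiny performance impact" refers to.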




Editor information

Mitsu Okada, Ichiro Satoh


Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Xia, N., Mao, B., Zeng, Q., Xie, L. (2007). Efficient and Practical Control Flow Monitoring for Program Security. In: Okada, M., Satoh, I. (eds) Advances in Computer Science - ASIAN 2006. Secure Software and Related Issues. ASIAN 2006. Lecture Notes in Computer Science, vol 4435. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77505-8_8


  • DOI: https://doi.org/10.1007/978-3-540-77505-8_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-77504-1

  • Online ISBN: 978-3-540-77505-8
