Abstract
Software patching has not been effective as a first-line defense against large-scale worm attacks, even when patches have long been available for their corresponding vulnerabilities. Generally, people have been reluctant to patch their systems immediately, because patches are perceived to be unreliable and disruptive to apply. To address this problem, we propose a first-line worm defense in the network stack, using shields -- vulnerability-specific, exploit-generic network filters installed in end systems once a vulnerability is discovered, but before a patch is applied. These filters examine the incoming or outgoing traffic of vulnerable applications, and correct traffic that exploits vulnerabilities. Shields are less disruptive to install and uninstall, easier to test for bad side effects, and hence more reliable than traditional software patches. Further, shields are resilient to polymorphic or metamorphic variations of exploits [43]. In this paper, we show that this concept is feasible by describing a prototype Shield framework implementation that filters traffic above the transport layer. We have designed a safe and restrictive language to describe vulnerabilities as partial state machines of the vulnerable application. The expressiveness of the language has been verified by encoding the signatures of several known vulnerabilities. Our evaluation provides evidence of Shield's low false positive rate and small impact on application throughput. An examination of a sample set of known vulnerabilities suggests that Shield could be used to prevent exploitation of a substantial fraction of the most dangerous ones.
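As an added illustration (this is not code from the paper or its Shield framework, and it does not use the paper's vulnerability-description language), the following constructed Python example shows what the abstract means by a vulnerability-specific, exploit-generic filter expressed as a partial state machine. The toy wire protocol, the hypothetical LOGIN name-length bug, the 64-byte bound, and the names ToyShield, MAX_NAME_LEN, login and run are all assumptions made for this example. The filter tracks only enough protocol state to find the vulnerable field, decides from the length header alone (so the name bytes, the part a polymorphic exploit would vary, are never inspected), and stops parsing once the session is past the vulnerable point.

```python
import struct

# Constructed toy protocol (hypothetical, not a real application protocol):
#   HELLO : type 0x01, u16 version (no body)
#   LOGIN : type 0x02, u16 name_len, name bytes
#   other : type byte, u16 body_len, body bytes (passed through unparsed)
#
# Hypothetical vulnerability for this example: the application copies LOGIN.name
# into a fixed 64-byte buffer without checking name_len.  The shield therefore
# enforces name_len <= MAX_NAME_LEN and nothing else.
MAX_NAME_LEN = 64   # assumed size of the vulnerable buffer

HELLO = b"\x01\x00\x01"  # constructed HELLO message, version 1


def login(name: bytes) -> bytes:
    """Build a LOGIN message for the toy protocol."""
    return b"\x02" + struct.pack("!H", len(name)) + name


class ToyShield:
    """Partial state machine: HEADER -> BODY -> HEADER ... until LOGIN has been
    checked (DONE, pass-through) or the session is blocked (BLOCKED)."""

    def __init__(self):
        self.state = "HEADER"
        self.buf = b""          # bytes not yet framed into a message
        self.mtype = None
        self.body_len = 0
        self.reason = None      # set when the session is blocked

    def feed(self, data: bytes) -> bytes:
        """Consume raw client bytes; return the bytes allowed to reach the app."""
        if self.state == "BLOCKED":
            return b""
        if self.state == "DONE":
            return data          # past the vulnerable point: no further parsing
        self.buf += data
        out = bytearray()
        while self.state not in ("DONE", "BLOCKED"):
            if self.state == "HEADER":
                if len(self.buf) < 3:   # header may be split across segments
                    break
                self.mtype = self.buf[0]
                field = struct.unpack("!H", self.buf[1:3])[0]
                if self.mtype == 0x01:               # HELLO has no body
                    out += self.buf[:3]
                    self.buf = self.buf[3:]
                    continue
                if self.mtype == 0x02 and field > MAX_NAME_LEN:
                    # The actual check: decided from the header alone, before
                    # any payload bytes are seen, so payload encoding is irrelevant.
                    self.state = "BLOCKED"
                    self.reason = f"LOGIN name_len={field} exceeds {MAX_NAME_LEN}"
                    self.buf = b""
                    return bytes(out)
                self.body_len = field
                self.state = "BODY"
            else:  # BODY: wait for the complete message, then forward it
                need = 3 + self.body_len
                if len(self.buf) < need:
                    break
                out += self.buf[:need]
                self.buf = self.buf[need:]
                if self.mtype == 0x02:   # vulnerable message checked: stop parsing
                    self.state = "DONE"
                    out += self.buf
                    self.buf = b""
                else:
                    self.state = "HEADER"
        return bytes(out)


def run(chunks):
    """Feed a list of TCP-segment-sized chunks through a fresh shield.
    Returns (bytes delivered to the app, final state, block reason)."""
    shield = ToyShield()
    delivered = b"".join(shield.feed(c) for c in chunks)
    return delivered, shield.state, shield.reason


if __name__ == "__main__":
    print(run([HELLO + login(b"alice")]))                 # delivered, DONE
    print(run([HELLO + login(b"\x90" * 200)]))            # only HELLO, BLOCKED
    print(run([HELLO + login(bytes(range(200)))]))        # same verdict, different bytes
    print(run([bytes([b]) for b in HELLO + login(b"x" * 100)]))  # 1-byte segments, BLOCKED
```

Two things the example is meant to show: the same verdict is reached for both over-long names even though their contents differ completely (the exploit-generic property), and the verdict survives arbitrary TCP segmentation because the filter reassembles only the header it needs rather than matching on a byte pattern.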
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Networks and Communications,Software
References: 46 articles (first three listed below)
1. Windows of vulnerability: a case study analysis
2. William Bush, Jonathan D. Pincus and David J. Sielaff. A Static Analyzer for Finding Dynamic Programming Errors. Software: Practice and Experience (SP&E), 2000. doi:10.1002/(SICI)1097-024X(200006)30:7<775::AID-SPE309>3.0.CO;2-H
3. Byacc. http://dickey.his.com/byacc/byacc.html
Cited by
40 articles.