Practical Automated Vulnerability Monitoring Using Program State Invariants

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

Abstract

Despite the growing attention to security concerns and advances in code verification tools, many memory errors still escape testing and plague production applications with security vulnerabilities. We present RCORE, an efficient dynamic program monitoring infrastructure to perform automated security vulnerability monitoring. Our approach is to perform extensive static analysis at compile time to automatically index program state invariants (PSIs). At runtime, our novel dynamic analysis continuously inspects the program state and produces a report when PSI violations are found. Our technique retrofits existing applications and is designed for both offline and production runs. To avoid slowing down production applications, we can perform our dynamic analysis on idle cores to detect suspicious behavior in the background. The alerts raised by our analysis are symptoms of memory corruption or other-potentially exploitable-dangerous behavior. Our experimental evaluation confirms that RCORE can report on several classes of vulnerabilities with very low overhead.
Original languageEnglish
Title of host publicationProceedings of the 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks
PublisherIEEE CS
Pages1-12
ISBN (Electronic)978-1-4673-6472-0
ISBN (Print)978-1-4673-6471-3
DOIs
Publication statusPublished - 2013

Fingerprint Dive into the research topics of 'Practical Automated Vulnerability Monitoring Using Program State Invariants'. Together they form a unique fingerprint.

Cite this