2nd Workshop on Recent Advances on Intrusion-Tolerant Systems
WRAITS 2008
In conjunction with the European Conference on Computer Systems - EuroSys 2008
April 1st, 2008
Keynote Speech:
Bouncer: Securing Software by Blocking Bad Input
Manuel Costa
Microsoft Research
Abstract:
Attackers exploit software vulnerabilities to control or crash programs. Bouncer
uses existing software instrumentation techniques to detect attacks and it
generates filters automatically to block exploits of the target vulnerabilities.
The filters are deployed automatically by instrumenting system calls to drop
exploit messages. These filters introduce low overhead and they allow programs
to keep running correctly under attack. Previous work computes filters using
symbolic execution along the path taken by a sample exploit, but attackers can
bypass these filters by generating exploits that follow a different execution
path. Bouncer introduces three techniques to generalize filters so that they are
harder to bypass: a new form of program slicing that uses a combination of
static and dynamic analysis to remove unnecessary conditions from the filter;
symbolic summaries for common library functions that characterize their behavior
succinctly as a set of conditions on the input; and generation of alternative
exploits guided by symbolic execution. Bouncer filters have low overhead, they
do not have false positives by design, and our results show that Bouncer can
generate filters that block all exploits of some real-world vulnerabilities.
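
The bypass problem and the slicing idea described in the abstract, as an added illustration that is not code from the talk or from Bouncer: a filter built from every condition on the sample exploit's path misses a variant exploit, while a filter keeping only the conditions the vulnerability depends on blocks both without dropping benign input. The message format, the bug, the condition names and all sample messages are constructed assumptions.

```python
# Toy model of filter generalization (constructed; not Bouncer's implementation).
# Assumed message format: byte 0 = opcode, byte 1 = flags, remainder = name.
# Assumed bug: the opcode 0x01 handler copies name into a 16-byte buffer unchecked.
BUF_SIZE = 16

def is_exploit(msg: bytes) -> bool:
    """Ground truth for the toy program: does this input overflow the buffer?"""
    return len(msg) >= 2 and msg[0] == 0x01 and len(msg) - 2 > BUF_SIZE

# Conditions on the input recorded along the sample exploit's execution path.
PATH_CONDITIONS = {
    "opcode == 0x01": lambda m: m[0] == 0x01,
    "flags == 0x00":  lambda m: m[1] == 0x00,          # branch unrelated to the copy
    "name[0] == 'A'": lambda m: m[2:3] == b"A",        # branch unrelated to the copy
    "len(name) > 16": lambda m: len(m) - 2 > BUF_SIZE,
}
# Conditions the vulnerable copy actually depends on (what slicing would keep).
RELEVANT = ["opcode == 0x01", "len(name) > 16"]

def make_filter(names):
    """A filter is the conjunction of its conditions; True means drop the message."""
    conds = [PATH_CONDITIONS[n] for n in names]
    return lambda m: len(m) >= 2 and all(c(m) for c in conds)

path_filter = make_filter(list(PATH_CONDITIONS))   # every condition on the path
sliced_filter = make_filter(RELEVANT)              # unnecessary conditions removed

# Constructed sample inputs.
SAMPLE_EXPLOIT = bytes([0x01, 0x00]) + b"A" * 40
VARIANT_EXPLOIT = bytes([0x01, 0x07]) + b"B" * 40   # same bug, different path
BENIGN = [bytes([0x01, 0x00]) + b"alice", bytes([0x02, 0x00]) + b"A" * 40, b"\x01"]
MESSAGES = [SAMPLE_EXPLOIT, VARIANT_EXPLOIT] + BENIGN

def evaluate(flt):
    """Return (exploits that get through, benign messages wrongly dropped)."""
    missed = [m for m in MESSAGES if is_exploit(m) and not flt(m)]
    false_pos = [m for m in MESSAGES if flt(m) and not is_exploit(m)]
    return missed, false_pos

if __name__ == "__main__":
    for name, flt in [("path filter", path_filter), ("sliced filter", sliced_filter)]:
        missed, false_pos = evaluate(flt)
        print(f"{name}: missed exploits={len(missed)} false positives={len(false_pos)}")
```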