Cyber attacks against networked computers have become relentless in recent years. The most common attack method is to exploit memory corruption vulnerabilities such as buffer overflow and format string bugs. This paper presents a technique to automatically identify both known and unknown memory corruption vulnerabilities. Based on the observation that a randomized program usually crashes upon a memory corruption attack, this technique uses the crash as a trigger to initiate an automatic diagnosis algorithm. The output of the diagnosis includes the instruction that is tricked to corrupt data, the call stack at the time of corruption, and the propagation history of corrupted data. These results provide useful information in fixing the vulnera...
Malware brings significant threats to modern digitized society. Malware developers put in significan...
The most common cyber-attack vector is exploit of software vulnerability. Despite much efforts towar...
We present a new technique, failure-oblivious computing,that enables programs to continue to execute...
Vulnerability diagnosis is important for program security analysis. It is a further step to understa...
Various methods for memory fault detection have been developed through continuous study. However, ma...
Abstract. Inputs to many application and server programs contain rich and consistent structural info...
Memory corruptions are a major part of security attacks observed nowadays. Many protection mechanis...
Software vulnerabilities widely exist among various software from operating system kernel to web bro...
One of the most prevalent, ancient and devastating vulnerabilities which is increasing rapidly is Me...
Run-time attacks have plagued computer systems for more than three decades, with control-flow hijack...
The widespread use of the Internet has caused computer security to become an important issue. Curren...
The goal of the research presented in this dissertation is to prevent, detect, and mitigate maliciou...
Unpredictable hardware faults and software bugs lead to application crashes, incorrect computations,...
Pointer taintedness is a concept which has been successfully employed as basis for vulnerability ana...
307 p.Thesis (Ph.D.)--University of Illinois at Urbana-Champaign, 2009.The key insight in this disse...
Malware brings significant threats to modern digitized society. Malware developers put in significan...
The most common cyber-attack vector is exploit of software vulnerability. Despite much efforts towar...
We present a new technique, failure-oblivious computing,that enables programs to continue to execute...
Vulnerability diagnosis is important for program security analysis. It is a further step to understa...
Various methods for memory fault detection have been developed through continuous study. However, ma...
Abstract. Inputs to many application and server programs contain rich and consistent structural info...
Memory corruptions are a major part of security attacks observed nowadays. Many protection mechanis...
Software vulnerabilities widely exist among various software from operating system kernel to web bro...
One of the most prevalent, ancient and devastating vulnerabilities which is increasing rapidly is Me...
Run-time attacks have plagued computer systems for more than three decades, with control-flow hijack...
The widespread use of the Internet has caused computer security to become an important issue. Curren...
The goal of the research presented in this dissertation is to prevent, detect, and mitigate maliciou...
Unpredictable hardware faults and software bugs lead to application crashes, incorrect computations,...
Pointer taintedness is a concept which has been successfully employed as basis for vulnerability ana...
307 p.Thesis (Ph.D.)--University of Illinois at Urbana-Champaign, 2009.The key insight in this disse...
Malware brings significant threats to modern digitized society. Malware developers put in significan...
The most common cyber-attack vector is exploit of software vulnerability. Despite much efforts towar...
We present a new technique, failure-oblivious computing,that enables programs to continue to execute...