Runtime Defense against Code Injection Attacks Using Replicated Execution.

Our experiments show that the multi-variant execution technique is effective in detecting and preventing code injection attacks. ... The number and complexity of attacks on computer systems are increasing. This growth necessitates proper defense mechanisms. ... Consequently, an attack launched against a multivariant environment with this configuration would be successful at compromising all variants and any system calls made in injected code would be executed ...

doi:10.1109/tdsc.2011.18 fatcat:okwhqckz3zfs3b33ez6selz7zy

A comprehensive taxonomy is drawn out describing the different techniques used to prevent, detect, protect and defend against XSS attacks. ... The survey highlighted the limitations, discussed the potentials of existing XSS attack defense mechanisms and identified potential gaps. ... XSS attack detection techniques Runtime detection of attacks forms the last defense line against new and unknown attacks in the web. ...

arXiv:2205.08425v2 fatcat:mz2upyb3d5ekllmw66t7s4rsom

Open Access Multiple Versions

., proactive and reactive) defense to protect against those attacks. Our proactive security layer utilizes state-of-the-art program analysis to detect potentially malicious user code. ... Hence, they allow users to execute arbitrary code to analyze the data. ... Runtime checks guard against the cases when an attacker can bypass the proactive defense to use an adversarial coding capability. ...

arXiv:2106.13123v3 fatcat:kqvnwneen5htzmodfsdzqpwkfy

Multiple Versions

Unlike other defenses, it introduces uncertainty in the target. Precise knowledge of the target software provides the underpinning for a wide range of attacks. ... This makes diversity a broad rather than narrowly focused defense mechanism. ... Program source code is stored as non-executable data, so existing anti-code injection defenses are insufficient. JIT spraying [10] is a recent attack of this kind. ...

doi:10.1109/sp.2014.25 dblp:conf/sp/LarsenHBF14 fatcat:2z54gsh6cbhk3ihyaq4i6he7h4

Most current defenses against this form of attack use a 'guard all doors' strategy, trying to block the avenues by which execution can be diverted. ... Binary code injection into an executing program is a common form of attack. ... the partial support of the National Science Foundation (grants ANIR-9986555, CCR-0219587, CCR-0085792, CCR-0311686, EIA-0218262, and EIA-0238027), the Office of Naval Research (grant N00014-99-1-0417), Defense ...

doi:10.1145/948143.948147 fatcat:uhc3ykg3wveylodmvukhl2odm4

Most current defenses against this form of attack use a 'guard all doors' strategy, trying to block the avenues by which execution can be diverted. ... Binary code injection into an executing program is a common form of attack. ... the partial support of the National Science Foundation (grants ANIR-9986555, CCR-0219587, CCR-0085792, CCR-0311686, EIA-0218262, and EIA-0238027), the Office of Naval Research (grant N00014-99-1-0417), Defense ...

doi:10.1145/948109.948147 dblp:conf/ccs/BarrantesAPSZ03 fatcat:gzgwdwnlcbb3jaseeybwnvu7ua

Code injection attacks that target the control-data of an application have been prevalent amongst exploit writers for over 20 years. ... In this paper we present ValueGuard, a canary-based defense mechanism to protect applications against data-only buffer overflow attacks. ... Even if an attacker somehow manages to gain control of the execution-flow of the process, he can no longer execute code that he earlier injected. ...

doi:10.1007/978-3-642-17714-9_12 fatcat:z5pfh2q7ojbevoem5mtwpd5odm

As they are increasingly used for critical services, web applications have become a popular and valuable target for security attacks. ... Although a large body of techniques have been developed to fortify web applications and mitigate attacks launched against web applications, there has been little effort devoted to drawing connections among ... Most defense techniques against input validation attacks focus on these two attacks. 3.1.1 SQL Injection. ...

doi:10.1145/2541315 fatcat:bjbtc55l4rf2bhbwznyhbldbge

We discovered challenges in every aspect of formal verification, rising from (1) the ever-expanding attack surface from evolved system design, (2) the real-time constraint during the program execution, ... Vulnerabilities in PLC programs might lead to attacks causing devastating consequences to the critical infrastructure, as shown in Stuxnet and similar attacks. ... We want to understand how these weaknesses have been used in different attacks, and how existing solutions defend against the attacks. ...

arXiv:2006.04806v3 fatcat:axupsga555gbhpe7wou5p7ggni

Multiple Versions

Under RISE, injected code (attacks) essentially executes random code sequences. ... Injecting binary code into a running program is a common form of attack. Most defenses employ a "guard the doors" approach, blocking known mechanisms of code injection. ... Program-Level Defenses Against Code Injection. ...

doi:10.1145/1053283.1053286 fatcat:swetal6wszcftkrbfbmduvz3ei

Such attacks subvert the control flow of the application either to injected code or to existing code which is then executed in a different context. ... Code injection attacks exploit these to gain control over the execution-flow of applications. These attacks have played a key role in many major security incidents. ... The most used instantiation of this attack is against browsers: it uses javascript to fill the browser's memory with injected code (e.g. 1GB of memory). ...

doi:10.1145/2187671.2187679 fatcat:4kuj5cgppba2bgdcjd66xu4vgu

Userspace integrity measurement may be combined with existing filesystem and kernel integrity measurement approaches to provide stronger guarantees that a platform is executing the expected software and ... The GOT holds the runtime addresses of global data and functions that may not be known at compile time. The PLT holds executable code used to make external function calls via the GOT. ... Thread Injection Given the ability to run arbitrary code in a process, it's trivial for an attacker to spawn a new thread via the clone system call. ...

arXiv:1904.12896v1 fatcat:ggzpahlljbg5vkejhsdti5olhe

Multi-variant code execution is a runtime monitoring technique which prevents malicious code execution [29] . This technique uses diversity to protect against malicious code injection attacks. ... Code injection attacks can succeed when the injected code is compatible with the execution environment. ...

doi:10.1007/978-3-642-27189-2_24 fatcat:vq4n3xqtqjbd5ekp7mmvnf4x3u

It can be implemented with low runtime overheads. ... These aspects make it particularly effective against large-scale attacks such as Code Red, since each infection attempt requires significantly more resources, thereby slowing down the propagation rate ... It is useful against attacks where attack code is injected into the heap in the first step, and then a subsequent buffer overflow is used to modify the return address to point to this heap address. ...

dblp:conf/uss/BhatkarDS03 fatcat:pvs7npir5jcj7pwpnlzrutbklm

With this approach, it is possible to reason about the impact of a potential security breach on the system, assess the overall security posture of the system, and achieve defense in depth. ... In ABSP, detection and mitigation of security threats are informed by an architectural representation of the running system, maintained at runtime. ... For SQL injection risks, for instance, one can conduct static code analysis to find all occurrence of the use of SQL statement interpreters; • Use whitelist input validation to ensure all special characters ...

doi:10.1145/2465478.2465479 dblp:conf/qosa/YuanMSGG13 fatcat:sbhb7vucvfe5plmyygyybkr3lu

Runtime Defense against Code Injection Attacks Using Replicated Execution

Preserved Fulltext

Twenty-two years since revealing cross-site scripting attacks: a systematic mapping and a comprehensive survey [article]

Preserved Fulltext

Other Versions

Break it, Fix it: Attack and Defense for "Add-on" Access Control Solutions in Distributed Data Analytics Platforms [article]

Preserved Fulltext

Other Versions

SoK: Automated Software Diversity

Preserved Fulltext

Randomized instruction set emulation to disrupt binary code injection attacks

Preserved Fulltext

Randomized instruction set emulation to disrupt binary code injection attacks

Preserved Fulltext

ValueGuard: Protection of Native Applications against Data-Only Buffer Overflows [chapter]

Preserved Fulltext

A survey on server-side approaches to securing web applications

Preserved Fulltext

SoK: Attacks on Industrial Control Logic and Formal Verification-Based Defenses [article]

Preserved Fulltext

Other Versions

Randomized instruction set emulation

Preserved Fulltext

Runtime countermeasures for code injection attacks against C and C++ programs

Preserved Fulltext

Technical Report: A Toolkit for Runtime Detection of Userspace Implants [article]

Preserved Fulltext

Diversity-Based Approaches to Software Systems Security [chapter]

Preserved Fulltext

Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits

Preserved Fulltext

Architecture-based self-protecting software systems

Preserved Fulltext