Research on Automated Defenses for Common Exploits

Software exploit defenses have long remained as one of the most important research areas in the lab. Given the large base of existing software, and large gaps in automated or manual code analyses for discovering them, automated exploit defenses remain as perhaps one bright area, as these techniques are often able to block vast classes of popular exploits at little (or relatively low) cost.

Our research initially targeted the popular memory error exploits  [31, 30, 26, 24, 23]. Many of these defenses rely on randomization, and are hence subject to brute-force attacks that try to guess the randomization key. To defend against these attacks, we developed novel techniques that rely on a forensic analysis of the memory space of randomized applications and/or application behavior models to synthesize accurate attack signatures  [29, 28]. These signatures are developed within milliseconds after the first unsuccessful attack, and can hence defeat brute-force attacks.

We subsequently extended automated exploit defense to a much larger class of vulnerabilities, including those that lead to SQL injection, command injection, cross-site scripting, path-traversal, format-string vulnerabilities, and so on  [27, 22]. Automated exploit defense continue to be one of the most active areas of research within the lab.

Related Publications

[1]  Scalable, Sound, and Accurate Jump Table Analysis

Huan Nguyen, Soumyakant Priyadarshan and R. Sekar
ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA) October, 2024.

[2]  Accurate Disassembly of Complex Binaries Without Use of Compiler Metadata

Soumyakant Priyadarshan, Huan Nguyen and R. Sekar
ACM Architectural Support for Programming Languages and Operating Systems (ASPLOS) February, 2024.

[3]  SAFER: Efficient and Error-Tolerant Binary Instrumentation

Soumyakant Priyadarshan, Huan Nguyen, Rohit Chouhan and R. Sekar
USENIX Security Symposium (USENIX Security) August, 2023.

[4]  Extracting Instruction Semantics Via Symbolic Execution of Code Generators

Niranjan Hasabnis and R. Sekar
ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE) November, 2016.

[5]  Lifting Assembly to Intermediate Representation: A Novel Approach Leveraging Compilers

Niranjan Hasabnis and R. Sekar
ACM Architectural Support for Programming Languages and Operating Systems (ASPLOS) April, 2016.

[6]  Code and Control Flow Integrity for COTS binaries: An Effective Defense Against Real-World ROP Attacks

Mingwei Zhang and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2015.

[7]  A Principled Approach for ROP Defense

Rui Qiao, Mingwei Zhang and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2015.

[8]  Harbormaster: Policy Enforcement for Containers

Mingwei Zhang, Daniel Marino and Petros Efstathopoulos
IEEE CloudCom (CloudCom) November, 2015.

[9]  Automatic Generation of Assembly to IR Translators Using Compilers

Niranjan Hasabnis and R. Sekar
Workshop on Architectural and Microarchitectural Support for Binary Translation (AMAS-BT) February, 2015.

[10]  Eternal War in Memory

Laszlo Szekeres, Mathias Payer, Tao Wei and R. Sekar
IEEE Security and Privacy Magazine (S&P Magazine) May, 2014.

[11]  A Platform for Secure Static Binary Instrumentation

Mingwei Zhang, Rui Qiao, Niranjan Hasabnis and R. Sekar
Virtual Execution Environments (VEE) March, 2014.

[12]  Control Flow Integrity for COTS Binaries

Mingwei Zhang and R. Sekar
USENIX Security Symposium (USENIX Security) August, 2013.
Best paper award!.

[13]  SoK: Eternal War in Memory

Laszlo Szekeres, Mathias Payer, Tao Wei and Dawn Song
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2013.

[14]  Protecting Function Pointers in Binary

Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Stephen McCamant and Laszlo Szekeres
ACM Symposium on Information, Computer and Communications Security (ASIACCS) May, 2013.

[15]  Practical Control Flow Integrity and Randomization for Binary Executables

Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Laszlo Szekeres, Stephen McCamant, Dawn Song and Wei Zou
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2013.

[16]  Protection, Usability and Improvements in Reflected XSS Filters

Riccardo Pelizzi and R. Sekar
ACM Symposium on Information, Computer and Communications Security (ASIACCS) May, 2012.

[17]  Taint-Enhanced Anomaly Detection

Lorenzo Cavallaro and R. Sekar
International Conference on Information Systems Security (ICISS) December, 2011.

[18]  A Server- and Browser-Transparent CSRF Defense for Web 2.0 Applications

Riccardo Pelizzi and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2011.

[19]  PAriCheck: An Efficient Pointer Arithmetic Checker for C Programs

Yves Younan, Pieter Philippaerts, Lorenzo Cavallaro, R. Sekar, Frank Piessens and Wouter Joosen
ACM Symposium on Information, Computer and Communications Security (ASIACCS) March, 2010.

[20]  Online Signature Generation for Windows Systems

Lixin Li, Jim Just and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2009.

[21]  Practical Techniques for Regeneration and Immunization of COTS Applications

Lixin Li, Mark R. Cornwell, E. Hultman, Jim Just and R. Sekar
Workshop on Recent Advances on Intrusion-Tolerant Systems (WRAITS) June, 2009.

[22]  An Efficient Black-box Technique for Defeating Web Application Attacks

R. Sekar
ISOC Network and Distributed Systems Symposium (NDSS) February, 2009.

[23]  Anomalous Taint Detection (Extended Abstract)

Lorenzo Cavallaro and R. Sekar
Recent Advances in Intrusion Detection (RAID) September, 2008. (Full version available as Technical Report SECLAB08-06).

[24]  Data Space Randomization

Sandeep Bhatkar and R. Sekar
Detection of Intrusions, Malware and Vulnerability Analysis (DIMVA) July, 2008.

[25]  Comprehensive Memory Error Protection via Diversity and Taint-Tracking

Lorenzo Cavallaro
PhD Dissertation (Stony Brook University) February, 2008.

[26]  Address-Space Randomization for Windows Systems

Lixin Li, Jim Just and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2006.

[27]  Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks

Wei Xu, Sandeep Bhatkar and R. Sekar
USENIX Security Symposium (USENIX Security) August, 2006. (An earlier version appeared as Technical Report SECLAB-05-06, November 2005. Also supercedes Technical Report SECLAB-05-05 A Unified Approach for Preventing Attacks Exploiting a Range of Software Vulnerabilities, August 2005, and Technical Report SECLAB-05-04 Practical dynamic taint analysis for countering input validation attacks on web applications, May 2005, [PDF]).

[28]  Automatic Generation of Buffer Overflow Attack Signatures: An Approach Based on Program Behavior Models

Zhenkai Liang and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2005. (Supercedes Technical Report SECLAB-05-01 An Immune System Inspired Approach for Protection from Repetitive Attacks, March 2005.).

[29]  Fast and Automated Generation of Attack Signatures: A Basis for Building Self-Protecting Servers

Zhenkai Liang and R. Sekar
ACM Conference on Computer and Communications Security (CCS) November, 2005. (Supercedes Technical Report SECLAB-05-02 Automated, Sub-second Attack Signature Generation: A Basis for Building Self-Protecting Servers, May 2005.).

[30]  Efficient Techniques for Comprehensive Protection from Memory Error Exploits

Sandeep Bhatkar, R. Sekar and Daniel DuVarney
USENIX Security Symposium (USENIX Security) August, 2005.

[31]  Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits

Sandeep Bhatkar, Daniel DuVarney and R. Sekar
USENIX Security Symposium (USENIX Security) August, 2003.

Research Areas

Research Problems

Local Search