Secure Systems Lab

Research on Automated Defenses for Common Exploits

Software exploit defenses have long been one of the most important research areas in the lab. Given the large base of existing software, and the large gaps in automated and manual code analyses for discovering vulnerabilities in it, automated exploit defenses remain perhaps the one bright spot: these techniques can often block vast classes of popular exploits at little (or relatively low) cost.

Our research initially targeted the popular memory error exploits [28, 27, 23, 21, 20]. Many of these defenses rely on randomization, and are hence subject to brute-force attacks that try to guess the randomization key. To defend against these attacks, we developed novel techniques that rely on a forensic analysis of the memory space of randomized applications and/or application behavior models to synthesize accurate attack signatures [26, 25]. These signatures are generated within milliseconds after the first unsuccessful attack, and can hence defeat brute-force attacks.

We subsequently extended automated exploit defense to a much larger class of vulnerabilities, including those that lead to SQL injection, command injection, cross-site scripting, path traversal, format-string attacks, and so on [24, 19]. Automated exploit defense continues to be one of the most active areas of research within the lab.

Related Publications

[1]  Extracting Instruction Semantics Via Symbolic Execution of Code Generators
Niranjan Hasabnis and R. Sekar
ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE) November, 2016.
[2]  Lifting Assembly to Intermediate Representation: A Novel Approach Leveraging Compilers
Niranjan Hasabnis and R. Sekar
ACM Architectural Support for Programming Languages and Operating Systems (ASPLOS) April, 2016.
[3]  Code and Control Flow Integrity for COTS binaries: An Effective Defense Against Real-World ROP Attacks
Mingwei Zhang and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2015.
[4]  A Principled Approach for ROP Defense
Rui Qiao, Mingwei Zhang and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2015.
[5]  Harbormaster: Policy Enforcement for Containers
Mingwei Zhang, Daniel Marino and Petros Efstathopoulos
IEEE CloudCom (CloudCom) November, 2015.
[6]  Automatic Generation of Assembly to IR Translators Using Compilers
Niranjan Hasabnis and R. Sekar
Workshop on Architectural and Microarchitectural Support for Binary Translation (AMAS-BT) February, 2015.
[7]  Eternal War in Memory
Laszlo Szekeres, Mathias Payer, Tao Wei and R. Sekar
IEEE Security and Privacy Magazine (S&P Magazine) May, 2014.
[8]  A Platform for Secure Static Binary Instrumentation
Mingwei Zhang, Rui Qiao, Niranjan Hasabnis and R. Sekar
Virtual Execution Environments (VEE) March, 2014.
[9]  Control Flow Integrity for COTS Binaries
Mingwei Zhang and R. Sekar
USENIX Security Symposium (USENIX Security) August, 2013.
Best paper award!
[10]  SoK: Eternal War in Memory
Laszlo Szekeres, Mathias Payer, Tao Wei and Dawn Song
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2013.
[11]  Protecting Function Pointers in Binary
Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Stephen McCamant and Laszlo Szekeres
ACM Symposium on Information, Computer and Communications Security (ASIACCS) May, 2013.
[12]  Practical Control Flow Integrity and Randomization for Binary Executables
Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Laszlo Szekeres, Stephen McCamant, Dawn Song and Wei Zou
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2013.
[13]  Protection, Usability and Improvements in Reflected XSS Filters
Riccardo Pelizzi and R. Sekar
ACM Symposium on Information, Computer and Communications Security (ASIACCS) May, 2012.
[14]  Taint-Enhanced Anomaly Detection
Lorenzo Cavallaro and R. Sekar
International Conference on Information Systems Security (ICISS) December, 2011.
[15]  A Server- and Browser-Transparent CSRF Defense for Web 2.0 Applications
Riccardo Pelizzi and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2011.
[16]  PAriCheck: An Efficient Pointer Arithmetic Checker for C Programs
Yves Younan, Pieter Philippaerts, Lorenzo Cavallaro, R. Sekar, Frank Piessens and Wouter Joosen
ACM Symposium on Information, Computer and Communications Security (ASIACCS) March, 2010.
[17]  Online Signature Generation for Windows Systems
Lixin Li, Jim Just and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2009.
[18]  Practical Techniques for Regeneration and Immunization of COTS Applications
Lixin Li, Mark R. Cornwell, E. Hultman, Jim Just and R. Sekar
Workshop on Recent Advances on Intrusion-Tolerant Systems (WRAITS) June, 2009.
[19]  An Efficient Black-box Technique for Defeating Web Application Attacks
R. Sekar
ISOC Network and Distributed Systems Symposium (NDSS) February, 2009.
[20]  Anomalous Taint Detection (Extended Abstract)
Lorenzo Cavallaro and R. Sekar
Recent Advances in Intrusion Detection (RAID) September, 2008. (Full version available as Technical Report SECLAB08-06).
[21]  Data Space Randomization
Sandeep Bhatkar and R. Sekar
Detection of Intrusions, Malware and Vulnerability Analysis (DIMVA) July, 2008.
[22]  Comprehensive Memory Error Protection via Diversity and Taint-Tracking
Lorenzo Cavallaro
PhD Dissertation (Stony Brook University) February, 2008.
[23]  Address-Space Randomization for Windows Systems
Lixin Li, Jim Just and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2006.
[24]  Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks
Wei Xu, Sandeep Bhatkar and R. Sekar
USENIX Security Symposium (USENIX Security) August, 2006. (An earlier version appeared as Technical Report SECLAB-05-06, November 2005. Also supersedes Technical Report SECLAB-05-05, A Unified Approach for Preventing Attacks Exploiting a Range of Software Vulnerabilities, August 2005, and Technical Report SECLAB-05-04, Practical dynamic taint analysis for countering input validation attacks on web applications, May 2005.)
[25]  Automatic Generation of Buffer Overflow Attack Signatures: An Approach Based on Program Behavior Models
Zhenkai Liang and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2005. (Supersedes Technical Report SECLAB-05-01, An Immune System Inspired Approach for Protection from Repetitive Attacks, March 2005.)
[26]  Fast and Automated Generation of Attack Signatures: A Basis for Building Self-Protecting Servers
Zhenkai Liang and R. Sekar
ACM Conference on Computer and Communications Security (CCS) November, 2005. (Supersedes Technical Report SECLAB-05-02, Automated, Sub-second Attack Signature Generation: A Basis for Building Self-Protecting Servers, May 2005.)
[27]  Efficient Techniques for Comprehensive Protection from Memory Error Exploits
Sandeep Bhatkar, R. Sekar and Daniel DuVarney
USENIX Security Symposium (USENIX Security) August, 2005.
[28]  Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits
Sandeep Bhatkar, Daniel DuVarney and R. Sekar
USENIX Security Symposium (USENIX Security) August, 2003.

Copyright © 1999-2013 Secure Systems Laboratory, Stony Brook University. All rights reserved.