Securing software by enforcing data-flow integrity. Castro, M., Costa, M., & Harris, T. In Proc. of the Seventh USENIX Symp. on Oper. Systems Design and Impl., pages 147--160, 2006.
Securing software by enforcing data-flow integrity [link]Paper  abstract   bibtex   
Software attacks often subvert the intended data-flow in a vulnerable program. For example, attackers exploit buffer overflows and format string vulnerabilities to write data to unintended locations. We present a simple technique that prevents these attacks by enforcing data-flow integrity. It computes a data-flow graph using static analysis, and it instruments the program to ensure that the flow of data at runtime is allowed by the data-flow graph. We describe an efficient implementation of data-flow integrity enforcement that uses static analysis to reduce instrumentation overhead. This implementation can be used in practice to detect a broad class of attacks and errors because it can be applied automatically to C and C++ programs without modifications, it does not have false positives, and it has low overhead.
@inproceedings{castro_securing_2006,
	title = {Securing software by enforcing data-flow integrity},
	isbn = {1-931971-47-1},
	url = {http://portal.acm.org/citation.cfm?id=1298455.1298470},
	abstract = {Software attacks often subvert the intended data-flow in a vulnerable program. For example, attackers exploit buffer overflows and format string vulnerabilities to write data to unintended locations. We present a simple technique that prevents these attacks by enforcing data-flow integrity. It computes a data-flow graph using static analysis, and it instruments the program to ensure that the flow of data at runtime is allowed by the data-flow graph. We describe an efficient implementation of data-flow integrity enforcement that uses static analysis to reduce instrumentation overhead. This implementation can be used in practice to detect a broad class of attacks and errors because it can be applied automatically to C and C++ programs without modifications, it does not have false positives, and it has low overhead.},
	urldate = {2011-05-01TZ},
	booktitle = {Proc. of the {Seventh} {USENIX} {Symp}. on {Oper}. {Systems} {Design} and {Impl}.},
	author = {Castro, Miguel and Costa, Manuel and Harris, Tim},
	year = {2006},
	keywords = {DFI},
	pages = {147--160}
}
Downloads: 0