Securing software by enforcing data-flow integrity. Castro, M., Costa, M., & Harris, T. In Proc. of the Seventh USENIX Symp. on Oper. Systems Design and Impl., pages 147--160, 2006.
Software attacks often subvert the intended data-flow in a vulnerable program. For example, attackers exploit buffer overflows and format string vulnerabilities to write data to unintended locations. We present a simple technique that prevents these attacks by enforcing data-flow integrity. It computes a data-flow graph using static analysis, and it instruments the program to ensure that the flow of data at runtime is allowed by the data-flow graph. We describe an efficient implementation of data-flow integrity enforcement that uses static analysis to reduce instrumentation overhead. This implementation can be used in practice to detect a broad class of attacks and errors because it can be applied automatically to C and C++ programs without modifications, it does not have false positives, and it has low overhead.
@inproceedings{castro_securing_2006,
title = {Securing software by enforcing data-flow integrity},
isbn = {1-931971-47-1},
url = {http://portal.acm.org/citation.cfm?id=1298455.1298470},
abstract = {Software attacks often subvert the intended data-flow in a vulnerable program. For example, attackers exploit buffer overflows and format string vulnerabilities to write data to unintended locations. We present a simple technique that prevents these attacks by enforcing data-flow integrity. It computes a data-flow graph using static analysis, and it instruments the program to ensure that the flow of data at runtime is allowed by the data-flow graph. We describe an efficient implementation of data-flow integrity enforcement that uses static analysis to reduce instrumentation overhead. This implementation can be used in practice to detect a broad class of attacks and errors because it can be applied automatically to C and C++ programs without modifications, it does not have false positives, and it has low overhead.},
urldate = {2011-05-01TZ},
booktitle = {Proc. of the {Seventh} {USENIX} {Symp}. on {Oper}. {Systems} {Design} and {Impl}.},
author = {Castro, Miguel and Costa, Manuel and Harris, Tim},
year = {2006},
keywords = {DFI},
pages = {147--160}
}