Download now Free registration required
Software developers are increasingly choosing memory-safe languages. As a result, semantic vulnerabilities - omitted security checks, mis-configured security policies, and other software design errors - are supplanting memory-corruption exploits as the primary cause of security violations. Semantic attacks are difficult to detect because they violate program semantics, rather than language semantics. This paper presents PECAN, a new dynamic anomaly detector. PECAN identifies unusual program behavior using history sensitivity and depth-limited context sensitivity. Prior work on context-sensitive anomaly detection relied on stack-walking, which incurs overheads of 50% to over 200%.
- Format: PDF
- Size: 200.9 KB