Software

Efficient, Context-Sensitive Detection of Real-World Semantic Attacks

Download Now Free registration required

Executive Summary

Software developers are increasingly choosing memory-safe languages. As a result, semantic vulnerabilities - omitted security checks, mis-configured security policies, and other software design errors - are supplanting memory-corruption exploits as the primary cause of security violations. Semantic attacks are difficult to detect because they violate program semantics, rather than language semantics. This paper presents PECAN, a new dynamic anomaly detector. PECAN identifies unusual program behavior using history sensitivity and depth-limited context sensitivity. Prior work on context-sensitive anomaly detection relied on stack-walking, which incurs overheads of 50% to over 200%.

  • Format: PDF
  • Size: 200.9 KB