Vulnerability-Specific Execution Filtering for Exploit Prevention on Commodity Software
Software vulnerabilities have had a devastating effect on the Internet. Worms such as Code Red and Slammer can compromise hundreds of thousands of hosts within hours or even minutes, and cause millions of dollars of damage. To successfully combat these fast automatic Internet attacks, one needs fast automatic attack detection and filtering mechanisms. In this paper, the authors propose dynamic taint analysis for automatic detection of overwrite attacks, which include most types of exploit. This approach does not need source code or special compilation for the monitored program, and hence works on commodity software.