Association for Computing Machinery
System call interposition is a common approach to restricting the power of applications and detecting code injections. It enforces a model that describes which system calls, and/or which sequences of them, are permitted. However, issues such as concurrency vulnerabilities and incomplete models limit the power of system call interposition approaches. The authors present a new system, SwitchBlade, that uses randomized and personalized fine-grained system call models to increase the probability of detecting code injections. However, with a fine-grained system call model, they cannot exclude the possibility that the model is violated during normal program executions.