@inproceedings{costa2007bouncer, author = {Costa, Manuel and Castro, Miguel and Zhou, Lidong and Zhang, Lintao and Peinado, Marcus}, title = {Bouncer: securing software by blocking bad input}, booktitle = {ACM Symposium on Operating Systems Principles (SOSP)}, year = {2007}, month = {October}, abstract = {Attackers exploit software vulnerabilities to control or crash programs. Bouncer uses existing software instrumentation techniques to detect attacks and it generates filters auto- matically to block exploits of the target vulnerabilities. The filters are deployed automatically by instrumenting system calls to drop exploit messages. These filters introduce low overhead and they allow programs to keep running correctly under attack. Previous work computes filters using symbolic execution along the path taken by a sample exploit, but at- tackers can bypass these filters by generating exploits that follow a different execution path. Bouncer introduces three techniques to generalize filters so that they are harder to bypass: a new form of program slicing that uses a combina- tion of static and dynamic analysis to remove unnecessary conditions from the filter; symbolic summaries for common library functions that characterize their behavior succinctly as a set of conditions on the input; and generation of alterna- tive exploits guided by symbolic execution. Bouncer filters have low overhead, they do not have false positives by de- sign, and our results show that Bouncer can generate filters that block all exploits of some real-world vulnerabilities.}, publisher = {Association for Computing Machinery, Inc.}, url = {http://approjects.co.za/?big=en-us/research/publication/bouncer-securing-software-by-blocking-bad-input-2/}, edition = {ACM Symposium on Operating Systems Principles (SOSP)}, }