SigFree: A Signature-free Buffer Overflow Attack Blocker

Abstract: 

We propose SigFree, a realtime, signature-free, out-of-the-box, application layer blocker for preventing buffer overflow attacks, one of the most serious cyber security threats. SigFree can filter out code-injection buffer overflow attack messages targeting various Internet services such as web service. Motivated by the observation that buffer overflow attacks typically contain executables whereas legitimate client requests never contain executables in most Internet services, SigFree blocks attacks by detecting the presence of code. SigFree first blindly disassembles and extracts instruction sequences from a request. It then applies a novel technique called code abstraction, which uses data flow anomaly to prune useless instructions in an instruction sequence. Finally it compares the number of useful instructions to a threshold to determine if this instruction sequence contains code. SigFree is signature free, thus it can block new and unknown buffer overflow attacks; SigFree is also immunized from most attack-side code obfuscation methods. Since SigFree is transparent to the servers being protected, it is good for economical Internet wide deployment with very low deployment and maintenance cost. We implemented and tested SigFree; our experimental study showed that SigFree could block all types of code-injection attack packets (above 250) tested in our experiments. Moreover, SigFree causes negligible throughput degradation to normal client requests.

Xinran Wang, The Pennsylvania State University

Chi-Chun Pan, The Pennsylvania State University

BibTeX
@inproceedings {268872,
author = {Xinran Wang and Chi-Chun Pan},
title = {{SigFree}: A Signature-free Buffer Overflow Attack Blocker},
booktitle = {15th USENIX Security Symposium (USENIX Security 06)},
year = {2006},
address = {Vancouver, B.C. Canada},
url = {https://www.usenix.org/conference/15th-usenix-security-symposium/sigfree-signature-free-buffer-overflow-attack-blocker},
publisher = {USENIX Association},
month = jul
}
Links

Paper: 
http://usenix.org/events/sec06/tech/full_papers/wang/wang.pdf
Paper (HTML): 
http://usenix.org/events/sec06/tech/full_papers/wang/wang_html/index.html