I want to draw your attention to today's 4PM joint security/PL seminar,
where Jonathon Giffin (UW) will talk about automatic extraction of accurate
application-Specific sandboxing policy.
This is an informal presentation meant to generate vigurous discussion, so
feel free to ask questions throughout the talk.
Date, time, location:
--------------------
today [Thursday, October 7, 2004]
4:00 - 5:00 PM
1221 CS
Abstract:
--------
I present work by Lap Chung Lam and Tzi-Cker Chiueh that appeared at RAID
2004. You have likely heard previous talks about my own work: using static
binary analysis to build models of correct program execution. Here is an
opportunity to learn about another approach to model construction. This will
be an informal discussion; come ready to critique and brainstorm.
The paper describes the design, implementation, and evaluation of a "program
semantics-aware intrusion detection system" called Paid, which automatically
derives an application-specific system call behavior model from the
application's source code and checks the application's run-time system call
pattern against this model to thware any control hijacking attacks. The
per-application behavior model is in the form of the sites and orderings of
system calls made in the application, as well as its partial control flow.
Mihai
--
- mihai@xxxxxxxxxxx - http://www.cs.wisc.edu/~mihai -
-------------------------------------------------------
The man of knowledge must be able not only to love
his enemies but also to hate his friends.
- Friedrich Nietzsche
-------------------------------------------------------
-- Feed the machine that burns in your head. --
|
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif){kind=logo}