Sigfree ppt (International Journal of Computer Science and Mobile Computing)
Page 3
Throughout the history of cyber security, buffer overflow has been one of the most serious vulnerabilities in computer systems.
Buffer overflow vulnerabilities are a root cause of most cyber-attacks.
A buffer overflow occurs during program execution when a fixed-size buffer has had too much data copied into it.
Page 4
This causes the data to overwrite adjacent memory locations.
Depending on what is stored there, the behavior of the program itself might be affected.
Taking a broader viewpoint, buffer overflow attacks do not always carry binary code in the attacking requests.
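The two slides above describe a fixed-size buffer receiving too much data and the excess spilling into adjacent memory. The following C program is an added example, not code from the SigFree slides or paper, that makes the mechanics concrete from the defender's side: a constructed struct in which a privilege flag sits directly after a 16-byte name buffer, the unchecked copy that would clobber that flag, a length-checked copy that refuses input that does not fit, and a helper that computes how many bytes an unchecked copy would have written past the buffer. The struct, field names and sample inputs are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: a fixed-size buffer followed by a field that matters.
 * If name[] is overrun, the bytes land in is_admin (and beyond). */
struct account {
    char name[16];   /* fixed-size buffer */
    int  is_admin;   /* adjacent memory: overwritten by an overflow of name[] */
};

/* The vulnerable form: strcpy copies strlen(src)+1 bytes with no regard for
 * sizeof a->name. Shown for contrast; main() never calls it with long input. */
void set_name_unchecked(struct account *a, const char *src)
{
    strcpy(a->name, src);
}

/* The hardened form: refuse any input that does not fit including the NUL.
 * memchr bounds the scan to the buffer size, so an unterminated src is also
 * rejected rather than read past its end. */
bool set_name_checked(struct account *a, const char *src)
{
    const char *end = memchr(src, '\0', sizeof a->name);
    if (end == NULL) {
        return false;                     /* too long: record left unchanged */
    }
    memcpy(a->name, src, (size_t)(end - src) + 1);  /* includes terminator */
    return true;
}

/* How many bytes an unchecked copy of src would write past a buffer of
 * bufsize bytes (0 when it fits). This is the "too much data" of the slide,
 * measured without performing the overflow. */
size_t overflow_bytes(const char *src, size_t bufsize)
{
    size_t needed = strlen(src) + 1;      /* payload plus NUL terminator */
    return needed > bufsize ? needed - bufsize : 0;
}

/* Sets a short name, then attempts an overlong one; returns true when the
 * checked copy rejected the second input and left both fields intact. */
bool record_survives_overlong_input(void)
{
    struct account a;
    memset(&a, 0, sizeof a);
    a.is_admin = 0;

    if (!set_name_checked(&a, "alice")) {
        return false;
    }
    /* Constructed 31-character input: does not fit in 16 bytes. */
    bool accepted = set_name_checked(&a, "this-name-is-far-too-long-for-16");

    return !accepted && strcmp(a.name, "alice") == 0 && a.is_admin == 0;
}

int main(void)
{
    const char *input = "AAAAAAAAAAAAAAAAAAAA";   /* constructed: 20 bytes */
    printf("unchecked copy of %zu bytes into a 16-byte buffer would spill %zu bytes\n",
           strlen(input), overflow_bytes(input, 16));
    printf("checked copy keeps the record intact: %s\n",
           record_survives_overlong_input() ? "yes" : "no");
    return 0;
}
```

The point to carry back to the slide: the check is on the destination's size, not the source's, and a rejected input leaves the record untouched rather than partially written.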
Page 6
SigFree is mainly related to three bodies of work:
Prevention/detection techniques of buffer overflows: existing prevention/detection techniques of buffer overflows can be roughly broken down into six classes.
Worm detection and signature generation: based on the nature of worm infection symptoms, three classes: macro symptoms, local traffic symptoms, and worm code running symptoms.
Page 8
Although tons of research has been done to tackle buffer overflow attacks, existing defenses are still quite limited in meeting four highly desired requirements:
(R1) simplicity in maintenance;
(R2) transparency to existing (legacy) server OS, application software, and hardware;
(R3) resiliency to obfuscation;
(R4) economical Internet-wide deployment.
Page 9
Accordingly, SigFree (Fig. 1) works as follows:
SigFree is an application layer blocker that typically stays between a service and the corresponding firewall.
Page 11
To avoid detection by users, some viruses employ different kinds of deception:
On the MS-DOS platform, some make sure that the "last modified" date of a host file stays the same.
Some viruses can infect files without increasing their sizes or damaging the files.
Some viruses try to avoid detection by killing the tasks associated with antivirus software before it can detect them.
Page 13
The proxy-based SigFree could not handle encrypted or encoded data directly.
A particular example is an SSL-enabled web server.
SSL enhances security between web clients and web servers, but it also causes difficulty for out-of-box malicious code detectors.
SSL is implemented as a server module.
Page 14
To support SSL functionality, an SSL proxy such as
Stunnel (Fig. 4) may be deployed to securely tunnel the
traffic between clients and web servers.
Page 16
SigFree has taken a main step forward in meeting the four requirements:
Blocks new and unknown buffer overflow attacks.
Uses generic code-data separation criteria; this feature separates SigFree from an independent work.
An out-of-the-box solution that requires no server side changes.
An economical deployment with very low maintenance cost.
Page 18
Worth mentioning:
The tool is also widely applicable to many programs.
Proxy-based SigFree can be used to protect all Internet services.
Used to protect some Internet services.
Generate many false positives.
Provide file system real-time protection.
Page 20
We have proposed SigFree, an online signature-free out-of-the-box blocker that can filter code-injection buffer overflow attack messages, one of the most serious cyber security threats.
It does not require any signatures.
It can block new, unknown attacks.
It is immunized from most attack-side code obfuscation methods.