CASPER: Compiler-Assisted Securing of Programs at Runtime

Abstract

Ensuring the security and integrity of computer systems deployed on the Internet is growing harder. This is especially true in the case of server systems based on open source projects like Linux, Apache, Sendmail, etc. since it is easier for a hacker to get access to the binary format of deployed applications if the source code to the software is publicly accessible. Often, having a binary copy of an application program is enough to help locate security vulnerabilities in the program. In the case of legacy systems where the source code is not available, advanced reverse-engineering and decompilation techniques can be used to construct attacks. This paper focuses on measures that reduce the effectiveness of hackers at conducting large-scale, distributed attacks. The first line of defense involves additional runtime checks that are able to counteract the majority of hacking attacks. Introducing diversity in deployed systems to severely diminish the probability of propagation to other systems helps to prevent effective attacks like the DDOS attack against the DNS root servers in October 21, 2002.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 2002
Accession Number
ADA446095

Entities

People

  • Angelos Keromytis
  • Gail E. Kaiser
  • Gaurav S. Ke
  • Stephen A. Edwards

Organizations

  • Columbia University

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Air Force
  • Air Force Research Laboratories
  • Application Software
  • C Programming Language
  • Compilers
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Debugging
  • Language
  • New York
  • Object Code
  • Operating Systems
  • Programming Languages
  • Standards

Fields of Study

  • Computer science
  • Engineering

Readers

  • Applied Combinatorial Optimization and Logic Circuit Design.
  • Cybersecurity.
  • Parallel and Distributed Computing.