Our techniques enable BLACKBOX to efficiently monitor unexpected and potentially harmful control flow in COTS binaries. In this paper, we present BLACKBOX, a monitoring system for COTS software. Many attacks introduce abnormal control flows to compromise systems. Aviation has long-used black boxes to better understand the causes of accidents, enabling improvements that reduce the likelihood of future accidents. Moreover, even after an exploit is known, it can be difficult to determine whether it has been used to compromise a given machine. Any information residing on that machine cannot be trusted as attackers may have tampered with it to cover their tracks. After a software system is compromised, it can be difficult to understand what vulnerabilities attackers exploited.
0 Comments
Leave a Reply. |