Search results for: code injection
Number of results: 323507
Server-side code injection attacks used to be one of the main culprits for the spread of malware. A vast amount of research has been devoted to the problem of effectively detecting and analyzing these attacks. Common belief seems to be that these attacks are now a marginal threat compared to other attack vectors such as drive-by download and targeted emails. However, information on the complexi...
Software vulnerabilities that enable the injection and execution of malicious code in pervasive Internet-connected computing devices pose serious threats to cyber security. In a common type of attack, a hostile party induces a software buffer overflow in a susceptible computing device in order to corrupt a procedure return address and transfer control to malicious code. These buffer overflow at...
Buffer overflow attacks are still a serious threat to the security of software systems. One of the most important classes of buffer overflow attacks is code-injection attacks, in which malicious code is injected into a memory area of vulnerable software and eventually executed. In this paper, we propose a simple and effective method for preventing code-injection attacks. The basic idea is to ad...
In order to combat code injection attacks, modern operating systems use, among others, the Write-XOR-Execute (W⊕X) countermeasure, which disallows code execution from writable memory pages. Unfortunately though, a widely used programming technique, namely Just-in-time compilation (JIT), clashes with the use of this countermeasure since its use relies on writable memory where it places dynamically...
Code injection attacks against server and client applications have become the primary method of malware spreading. A promising approach for the detection of previously unknown code injection attacks at the network level, irrespective of the particular exploitation method used or the vulnerability being exploited, is to identify the malicious code that is part of the attack vector, also known as...
Intrusion detection systems (IDSs) are widely recognised as the last line of defence often used to enable incident response when intrusion prevention mechanisms are ineffective, or have been compromised. A signature based network IDS (NIDS) which operates by comparing network traffic to a database of suspicious activity patterns (known as signatures) is a popular solution due to its ease of dep...
Heap spraying is a security attack that increases the exploitability of memory corruption errors in type-unsafe applications. In a heap-spraying attack, an attacker coerces an application to allocate many objects containing malicious code in the heap, increasing the success rate of an exploit that jumps to a location within the heap. Because heap layout randomization necessitates new forms of a...
Tuning parallel applications requires the use of effective tools for detecting performance bottlenecks. Along a parallel program execution, many individual situations of performance degradation may arise. We believe that an exhaustive and time-aware tracing at a fine-grain level is essential to capture this kind of situations. This paper presents a tracing mechanism based on dynamic code interp...
Security vulnerabilities in the web applications that we use to shop, bank, and socialize online expose us to exploits that cost billions of dollars each year. This paper describes the design and implementation of AspectShield, a system designed to mitigate the most common web application vulnerabilities without requiring costly and potentially dangerous modifications to the source code of vuln...
Separation of concerns, which allows programming the non-functional aspects of an application in a more or less orthogonal manner from the functional code, is becoming a general trend in software development. The most widely used architectural pattern for implementing aspects involves indirection objects, raising a performance overhead at execution time. Thus, it appears as being an attractive ...