Dave Maier

Bio: Dave Maier is an academic researcher from Oregon Health & Science University. The author has contributed to research in topics: Metadata modeling & Heap overflow. The author has an hindex of 3, co-authored 4 publications receiving 1504 citations.

StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks

Abstract: This paper presents a systematic solution to the persistent problem of buffer overflow attacks. Buffer overflow attacks gained notoriety in 1988 as part of the Morris Worm incident on the Internet. While it is fairly simple to fix individual buffer overflow vulnerabilities, buffer overflow attacks continue to this day. Hundreds of attacks have been discovered, and while most of the obvious vulnerabilities have now been patched, more sophisticated buffer overflow attacks continue to emerge. We describe StackGuard: a simple compiler technique that virtually eliminates buffer overflow vulnerabilities with only modest performance penalties. Privileged programs that are recompiled with the StackGuard compiler extension no longer yield control to the attacker, but rather enter a fail-safe state. These programs require no source code changes at all, and are binary-compatible with existing operating systems and libraries. We describe the compiler technique (a simple patch to gcc), as well as a set of variations on the technique that trade-off between penetration resistance and performance. We present experimental results of both the penetration resistance and the performance impact of this technique.

Applying adaptation spaces to support quality of service and survivability

Abstract: Adaptation is a key technique in constructing survivable information systems. Allowing a system to continue running, albeit with reduced functionality or performance, in the face of reduced resources, attacks, or broken components is often preferable to either complete shutdown or continued normal operation in compromised mode. However, unpredictable adaptation can sometimes be worse than the problem it seeks to cope with. In this paper we introduce adaptation spaces, which precisely and predictably specify the adaptation of a software component. We then present two survivable systems that have been specified and implemented using adaptation spaces. The first example uses user preferences regarding quality in an audio application to guide the adaptation when available bandwidth decreases. The second trades off performance overhead with intrusion resistance for "stack-smashing" attacks. We formally define an adaptation space and show briefly how it enables certain kinds of reasoning about adaptive applications. We conclude with related work and future plans.

Representing, exploiting, and extracting metadata using metadata++

Abstract: Metadata++ is a superimposed metadata model that provides enhanced flexibility and functionality for creating, maintaining, and searching document metadata. The Metadata++ model has its roots in a traditional thesaurus.

The Development of Databases and Database Tools for Forest Canopy Researchers: A Model for Database Enhancement in the Ecological Sciences

Abstract: Solving biosphere-level problems such as global warming, decreasing biodiversity, and depletion of natural resources requires changes in the ways ecological research is carried out Historically, ecologists have collected and stored their data in individualist ways, making data sharing among collaborators and subsequent data mining difficult Integrating the use of database technology into the research process makes data sharing across studies and access to analysis tools easier Unfortunately, significant barriers to database use in this domain often prevent effective use of database technology, including lack of appropriate and domain-specific database tools, community data archives; standard data formats and common research protocols; limited database expertise among individual researchers; few incentives to contribute data or methods to common archives; and cultural differences between ecologists and computer scientists In this paper, we describe a model project whose aim is to build a system that will enable one subdiscipline of ecology to overcome some of these barriers, and serve both as a model system for other branches of ecology and as a model project for other ecosystem informatics research Section

Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software

Abstract: Software vulnerabilities have had a devastating effect on the Internet. Worms such as CodeRed and Slammer can compromise hundreds of thousands of hosts within hours or even minutes, and cause millions of dollars of damage [26, 43]. To successfully combat these fast automatic Internet attacks, we need fast automatic attack detection and filtering mechanisms. In this paper we propose dynamic taint analysis for automatic detection of overwrite attacks, which include most types of exploits. This approach does not need source code or special compilation for the monitored program, and hence works on commodity software. To demonstrate this idea, we have implemented TaintCheck, a mechanism that can perform dynamic taint analysis by performing binary rewriting at run time. We show that TaintCheck reliably detects most types of exploits. We found that TaintCheck produced no false positives for any of the many different programs that we tested. Further, we describe how TaintCheck could improve automatic signature generation in

CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs

Abstract: This paper describes the C Intermediate Language: a high-level representation along with a set of tools that permit easy analysis and source-to-source transformation of C programs.Compared to C, CIL has fewer constructs. It breaks down certain complicated constructs of C into simpler ones, and thus it works at a lower level than abstract-syntax trees. But CIL is also more high-level than typical intermediate languages (e.g., three-address code) designed for compilation. As a result, what we have is a representation that makes it easy to analyze and manipulate C programs, and emit them in a form that resembles the original source. Moreover, it comes with a front-end that translates to CIL not only ANSI C programs but also those using Microsoft C or GNU C extensions.We describe the structure of CIL with a focus on how it disambiguates those features of C that we found to be most confusing for program analysis and transformation. We also describe a whole-program merger based on structural type equality, allowing a complete project to be viewed as a single compilation unit. As a representative application of CIL, we show a transformation aimed at making code immune to stack-smashing attacks. We are currently using CIL as part of a system that analyzes and instruments C programs with run-time checks to ensure type safety. CIL has served us very well in this project, and we believe it can usefully be applied in other situations as well.

Control-flow integrity

Abstract: Current software attacks often build on exploits that subvert machine-code execution. The enforcement of a basic safety property, Control-Flow Integrity (CFI), can prevent such attacks from arbitrarily controlling program behavior. CFI enforcement is simple, and its guarantees can be established formally even with respect to powerful adversaries. Moreover, CFI enforcement is practical: it is compatible with existing software and can be done efficiently using software rewriting in commodity systems. Finally, CFI provides a useful foundation for enforcing further security policies, as we demonstrate with efficient software implementations of a protected shadow call stack and of access control for memory regions.

On the effectiveness of address-space randomization

Abstract: Address-space randomization is a technique used to fortify systems against buffer overflow attacks. The idea is to introduce artificial diversity by randomizing the memory location of certain system components. This mechanism is available for both Linux (via PaX ASLR) and OpenBSD. We study the effectiveness of address-space randomization and find that its utility on 32-bit architectures is limited by the number of bits available for address randomization. In particular, we demonstrate a derandomization attack that will convert any standard buffer-overflow exploit into an exploit that works against systems protected by address-space randomization. The resulting exploit is as effective as the original exploit, although it takes a little longer to compromise a target machine: on average 216 seconds to compromise Apache running on a Linux PaX ASLR system. The attack does not require running code on the stack.We also explore various ways of strengthening address-space randomization and point out weaknesses in each. Surprisingly, increasing the frequency of re-randomizations adds at most 1 bit of security. Furthermore, compile-time randomization appears to be more effective than runtime randomization. We conclude that, on 32-bit architectures, the only benefit of PaX-like address-space randomization is a small slowdown in worm propagation speed. The cost of randomization is extra complexity in system support.

Secure program execution via dynamic information flow tracking

Abstract: We present a simple architectural mechanism called dynamic information flow tracking that can significantly improve the security of computing systems with negligible performance overhead. Dynamic information flow tracking protects programs against malicious software attacks by identifying spurious information flows from untrusted I/O and restricting the usage of the spurious information.Every security attack to take control of a program needs to transfer the program's control to malevolent code. In our approach, the operating system identifies a set of input channels as spurious, and the processor tracks all information flows from those inputs. A broad range of attacks are effectively defeated by checking the use of the spurious values as instructions and pointers.Our protection is transparent to users or application programmers; the executables can be used without any modification. Also, our scheme only incurs, on average, a memory overhead of 1.4% and a performance overhead of 1.1%.