Preventing Program Hijacking via Static and Dynamic Analyses

Award Information
Agency:
Department of Defense
Branch
Navy
Amount:
$131,237.00
Award Year:
2012
Program:
SBIR
Phase:
Phase I
Contract:
N00014-12-M-0241
Agency Tracking Number:
O113-IA5-4051
Solicitation Year:
2011
Solicitation Topic Code:
OSD11-IA5
Solicitation Number:
2011.3
Small Business Information
Zephyr Software LLC
2040 Tremont Rd, Charlottesville, VA, -
Hubzone Owned:
N
Socially and Economically Disadvantaged:
N
Woman Owned:
N
Duns:
830972647
Principal Investigator:
Clark Coleman
Research Scientist
(434) 284-3002
clc@zephyr-software.com
Business Contact:
Jack Davidson
President
(434) 242-4280
jwd@zephyr-software.com
Research Institution:
Stub




Abstract
Control flow hijacking occurs when an attacker overwrites a control-flow data item (e.g. return address or function pointer) to take control of the execution of a program. We propose to detect and prevent hijacking by using a low-overhead per-process dynamic run-time virtualization monitor, called an SDT (software dynamic translator) to make shadow copies of control-flow data items each time they are initialized or updated, and detect overwriting changes that occur between initialization and use. A static analyzer that operates on program binaries will help identify all control-data items, and reduce run-time overhead by identifying control-data items that are provably safe (not susceptible to overwriting between initialization and use). Remedial actions to be taken when attempted hijacking is detected will not be limited to program termination; program recovery techniques will be studied and designed.

* information listed above is at the time of submission.

Agency Micro-sites

US Flag An Official Website of the United States Government