ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Protecting web services from remote exploit code: a static analysis approach
Full text PdfPdf (177 KB)
Source
International World Wide Web Conference archive
Proceeding of the 17th international conference on World Wide Web table of contents
Beijing, China
POSTER SESSION: Posters table of contents
Pages 1139-1140  
Year of Publication: 2008
ISBN:978-1-60558-085-2
Authors
Xinran Wang  Pennsylvania State University, State College, PA, USA
Yoon-chan Jhi  Pennsylvania State University, State College, PA, USA
Sencun Zhu  Pennsylvania State University, State College, PA, USA
Peng Liu  Pennsylvania State University, State College, PA, USA
Sponsor
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 12,   Downloads (12 Months): 73,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1367497.1367695
What is a DOI?

ABSTRACT

We propose STILL, a signature-free remote exploit binary code injection attack blocker to protect web servers and web applications. STILL is robust to almost all anti-signature, anti-static-analysis and anti-emulation obfuscation.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Computer emergency response team (cert). http://www.cert.org.
 
2
The metasploit project. http://www.metasploit.com.
 
3
Ramkumar Chinchani and Eric Van Den Berg. A fast static analysis approach to detect exploit code inside network flows. In RAID, 2005.
 
4
C. Kruegel, E. Kirda, D. Mutz, W. Robertson, and G. Vigna. Polymorphic worm detection using structural information of executables. In RAID, 2005.
 
5
Michalis Polychronakis, Kostas G. Anagnostakis, and Evangelos P. Markatos. Network-level polymorphic shellcode detection using emulation. In DIMVA, 2006.
 
6
Xinran Wang , Chi-Chun Pan , Peng Liu , Sencun Zhu, SigFree: a signature-free buffer overflow attack blocker, Proceedings of the 15th conference on USENIX Security Symposium, p.16-16, July 31-August 04, 2006, Vancouver, B.C., Canada

INDEX TERMS

Primary Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.0 General
          Subjects: Security and protection (e.g., firewalls)


General Terms:
Security


Keywords:
code injection attack, http, static analysis

Collaborative Colleagues:
Xinran Wang: colleagues
Yoon-chan Jhi: colleagues
Sencun Zhu: colleagues
Peng Liu: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player