Since sensors do not have a sophisticated hardware architecture or an operating system to manage code for safety, attacks injecting code to exploit memory-related vulnerabilities can present threats to sensor applications. In a sensor's simple memory architecture, injected code can alter the control flow of a sensor application to either misuse existing routines or download other malicious code to achieve attacks. To protect the control flow, this paper proposes a self-healing scheme that can detect attacks attempting to alter the control flow and then recover sensor applications to normal operations with minimum overhead. The self-healing scheme embeds diversified protection code at particular locations to enforce access control in program memory. Both the access control code and the recovery code are designed to be resilient to control flow attacks that attempt to evade the protection. Furthermore, the self-healing scheme directly processes application code at the machine instruction level, instead of performing control or data analysis on source code. The implementation and evaluation show that the self-healing scheme is lightweight in protecting sensor applications.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	ATmega128. http://atmel.com/dyn/products/productcard.asp?part-id=2018.
	2	AVR Studio 4. http://www.atmel.com/avrstudio.
	3	Mantis. http://mantis.cs.colorado.edu/.
	4	nesC: A programming language for deeply networked systems. http://nescc.sourceforge.net/.
	5	TinyOS. http://www.tinyos.net.
	6	Aleph One. Smashing the stack for fun and profit. Phrack Magazine, http://www.phrack.org/phrack/49/P49-14, 1996.
	7	Anonymous. Once upon a free(). Phrack Magazine, http://www.phrack.org/phrack/57/p57-0x09, 2001.
	8	Elena Gabriela Barrantes , David H. Ackley , Trek S. Palmer , Darko Stefanovic , Dino Dai Zovi, Randomized instruction set emulation to disrupt binary code injection attacks, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA  [doi>10.1145/948109.948147]
	9	Shuo Chen , Jun Xu , Emre C. Sezer , Prachi Gauriar , Ravishankar K. Iyer, Non-control-data attacks are realistic threats, Proceedings of the 14th conference on USENIX Security Symposium, p.12-12, July 31-August 05, 2005, Baltimore, MD
	10	Mihai Christodorescu , Somesh Jha, Static analysis of executables to detect malicious patterns, Proceedings of the 12th conference on USENIX Security Symposium, p.12-12, August 04-08, 2003, Washington, DC
	11	Manuel Costa , Jon Crowcroft , Miguel Castro , Antony Rowstron , Lidong Zhou , Lintao Zhang , Paul Barham, Vigilante: end-to-end containment of internet worms, Proceedings of the twentieth ACM symposium on Operating systems principles, October 23-26, 2005, Brighton, United Kingdom
	12	Crispin Cowan , Calton Pu , Dave Maier , Heather Hintony , Jonathan Walpole , Peat Bakke , Steve Beattie , Aaron Grier , Perry Wagle , Qian Zhang, StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks, Proceedings of the 7th conference on USENIX Security Symposium, p.5-5, January 26-29, 1998, San Antonio, Texas
	13	H. Etoh and K. Yoda. Propolice: improved stack-smashing attack detection. IPSJ SIGNotes Computer SECurity, http://www.trl.ibm.com/projects/security/ssp, 2001.
	14	David Evans , David Larochelle, Improving Security Using Extensible Lightweight Static Analysis, IEEE Software, v.19 n.1, p.42-51, January 2002  [doi>10.1109/52.976940]
	15	Aurélien Francillon , Claude Castelluccia, Code injection attacks on harvard-architecture devices, Proceedings of the 15th ACM conference on Computer and communications security, October 27-31, 2008, Alexandria, Virginia, USA  [doi>10.1145/1455770.1455775]
	16	Sudhakar Govindavajhala , Andrew W. Appel, Using Memory Errors to Attack a Virtual Machine, Proceedings of the 2003 IEEE Symposium on Security and Privacy, p.154, May 11-14, 2003
	17	Qijun Gu , Rizwan Noorani, Towards self-propagate mal-packets in sensor networks, Proceedings of the first ACM conference on Wireless network security, March 31-April 02, 2008, Alexandria, VA, USA  [doi>10.1145/1352533.1352563]
	18	Jonathan W. Hui , David Culler, The dynamic behavior of a data dissemination protocol for network programming at scale, Proceedings of the 2nd international conference on Embedded networked sensor systems, November 03-05, 2004, Baltimore, MD, USA  [doi>10.1145/1031495.1031506]
	19	M. Kaempf. Vudo malloc tricks. Phrack Magazine, http://www.phrack.org/phrack/57/p57-0x08, 2001.
	20	Chris Karlof , Naveen Sastry , David Wagner, TinySec: a link layer security architecture for wireless sensor networks, Proceedings of the 2nd international conference on Embedded networked sensor systems, November 03-05, 2004, Baltimore, MD, USA  [doi>10.1145/1031495.1031515]
	21	Vladimir Kiriansky , Derek Bruening , Saman P. Amarasinghe, Secure Execution via Program Shepherding, Proceedings of the 11th USENIX Security Symposium, p.191-206, August 05-09, 2002
	22	Christopher Kruegel , Engin Kirda , Darren Mutz , William Robertson , Giovanni Vigna, Automating mimicry attacks using static binary analysis, Proceedings of the 14th conference on USENIX Security Symposium, p.11-11, July 31-August 05, 2005, Baltimore, MD
	23	Ram Kumar , Eddie Kohler , Mani Srivastava, Harbor: software-based memory protection for sensor nodes, Proceedings of the 6th international conference on Information processing in sensor networks, April 25-27, 2007, Cambridge, Massachusetts, USA  [doi>10.1145/1236360.1236404]
	24	Cullen Linn , Saumya Debray, Obfuscation of executable code to improve resistance to static disassembly, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA  [doi>10.1145/948109.948149]
	25	Nergal. The advanced return-into-lib(c) exploits (pax case study). Phrack Magazine, http://www.phrack.org/phrack/58/p58-0x04, 2001.
	26	T. Newsham. Format string attacks. http://muse.linuxmafia.org/lost+found/formatstringattacks.pdf, 2001.
	27	PAX. Pax address space layout randomization (aslr). http://pax.grsecurity.net/docs/aslr.txt.
	28	Adrian Perrig , Robert Szewczyk , Victor Wen , David Culler , J. D. Tygar, SPINS: security protocols for sensor networks, Proceedings of the 7th annual international conference on Mobile computing and networking, p.189-199, July 2001, Rome, Italy  [doi>10.1145/381677.381696]
	29	J. Regehr, N. Cooprider, W. Archer, and E. Eide. Memory safety and untrusted extensions for tinyos. Technical report, University of Utah, 2006.
	30	Smirnov and T. Chiueh. Dira: automatic detection, identification and repair of control-data attacks. In Proc. of Network and Distributed System Security Symposium, 2005.
	31	R. Wojtczuk. Defeating solar designer non-executable stack patch. http://geek-girl.com/bugtraq, 1998.
	32	Yi Yang , Sencun Zhu , Guohong Cao, Improving sensor network immunity under worm attacks: a software diversity approach, Proceedings of the 9th ACM international symposium on Mobile ad hoc networking and computing, May 26-30, 2008, Hong Kong, Hong Kong, China  [doi>10.1145/1374618.1374640]
	33	M. Zalewski. Remote vulnerability in ssh daemon crc32 compression attack detector. http://www.bindview.com/Support/RAZOR/Advisories/2001/advssh1crc.cfm, 2001.