The MINESTRONE architecture combining static and dynamic analysis techniques for software security

Angelos D. Keromytis, Salvatore J. Stolfo, Junfeng Yang, Angelos Stavrou, Anup Ghosh, Dawson Engler, Marc Dacier, Matthew Elder, Darrell Kienzle

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Citations (Scopus)

Abstract

We present MINESTRONE, a novel architecture that integrates static analysis, dynamic confinement, and code diversification techniques to enable the identification, mitigation and containment of a large class of software vulnerabilities in third-party software. Our initial focus is on software written in C and C++; however, many of our techniques are equally applicable to binary-only environments (but are not always as efficient or as effective) and for vulnerabilities that are not specific to these languages. Our system seeks to enable the immediate deployment of new software (e.g., a new release of an open-source project) and the protection of already deployed (legacy) software by transparently inserting extensive security instrumentation, while leveraging concurrent program analysis, potentially aided by runtime data gleaned from profiling actual use of the software, to gradually reduce the performance cost of the instrumentation by allowing selective removal or refinement. Artificial diversification techniques are used both as confinement mechanisms and for fault-tolerance purposes. To minimize the performance impact, we are leveraging multicore hardware or (when unavailable) remote servers that enable quick identification of likely compromise. To cover the widest possible range of systems, we require no specific hardware or operating system features, although we intend to take advantage of such features where available to improve both runtime performance and vulnerability coverage.

Original languageEnglish
Title of host publicationProceedings - 1st SysSec Workshop, SysSec 2011
Pages53-56
Number of pages4
DOIs
Publication statusPublished - 2011
Externally publishedYes
Event1st SysSec Workshop, SysSec 2011 - Amsterdam
Duration: 6 Jul 20116 Jul 2011

Other

Other1st SysSec Workshop, SysSec 2011
CityAmsterdam
Period6/7/116/7/11

Fingerprint

Static analysis
Fault tolerance
Dynamic analysis
Computer hardware
Servers
Hardware
Costs

ASJC Scopus subject areas

  • Control and Systems Engineering

Cite this

Keromytis, A. D., Stolfo, S. J., Yang, J., Stavrou, A., Ghosh, A., Engler, D., ... Kienzle, D. (2011). The MINESTRONE architecture combining static and dynamic analysis techniques for software security. In Proceedings - 1st SysSec Workshop, SysSec 2011 (pp. 53-56). [6092763] https://doi.org/10.1109/SysSec.2011.33

The MINESTRONE architecture combining static and dynamic analysis techniques for software security. / Keromytis, Angelos D.; Stolfo, Salvatore J.; Yang, Junfeng; Stavrou, Angelos; Ghosh, Anup; Engler, Dawson; Dacier, Marc; Elder, Matthew; Kienzle, Darrell.

Proceedings - 1st SysSec Workshop, SysSec 2011. 2011. p. 53-56 6092763.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Keromytis, AD, Stolfo, SJ, Yang, J, Stavrou, A, Ghosh, A, Engler, D, Dacier, M, Elder, M & Kienzle, D 2011, The MINESTRONE architecture combining static and dynamic analysis techniques for software security. in Proceedings - 1st SysSec Workshop, SysSec 2011., 6092763, pp. 53-56, 1st SysSec Workshop, SysSec 2011, Amsterdam, 6/7/11. https://doi.org/10.1109/SysSec.2011.33
Keromytis AD, Stolfo SJ, Yang J, Stavrou A, Ghosh A, Engler D et al. The MINESTRONE architecture combining static and dynamic analysis techniques for software security. In Proceedings - 1st SysSec Workshop, SysSec 2011. 2011. p. 53-56. 6092763 https://doi.org/10.1109/SysSec.2011.33
Keromytis, Angelos D. ; Stolfo, Salvatore J. ; Yang, Junfeng ; Stavrou, Angelos ; Ghosh, Anup ; Engler, Dawson ; Dacier, Marc ; Elder, Matthew ; Kienzle, Darrell. / The MINESTRONE architecture combining static and dynamic analysis techniques for software security. Proceedings - 1st SysSec Workshop, SysSec 2011. 2011. pp. 53-56
@inproceedings{a6cdf29494b340b3900830711ea58b6b,
title = "The MINESTRONE architecture combining static and dynamic analysis techniques for software security",
abstract = "We present MINESTRONE, a novel architecture that integrates static analysis, dynamic confinement, and code diversification techniques to enable the identification, mitigation and containment of a large class of software vulnerabilities in third-party software. Our initial focus is on software written in C and C++; however, many of our techniques are equally applicable to binary-only environments (but are not always as efficient or as effective) and for vulnerabilities that are not specific to these languages. Our system seeks to enable the immediate deployment of new software (e.g., a new release of an open-source project) and the protection of already deployed (legacy) software by transparently inserting extensive security instrumentation, while leveraging concurrent program analysis, potentially aided by runtime data gleaned from profiling actual use of the software, to gradually reduce the performance cost of the instrumentation by allowing selective removal or refinement. Artificial diversification techniques are used both as confinement mechanisms and for fault-tolerance purposes. To minimize the performance impact, we are leveraging multicore hardware or (when unavailable) remote servers that enable quick identification of likely compromise. To cover the widest possible range of systems, we require no specific hardware or operating system features, although we intend to take advantage of such features where available to improve both runtime performance and vulnerability coverage.",
author = "Keromytis, {Angelos D.} and Stolfo, {Salvatore J.} and Junfeng Yang and Angelos Stavrou and Anup Ghosh and Dawson Engler and Marc Dacier and Matthew Elder and Darrell Kienzle",
year = "2011",
doi = "10.1109/SysSec.2011.33",
language = "English",
isbn = "9780769545301",
pages = "53--56",
booktitle = "Proceedings - 1st SysSec Workshop, SysSec 2011",

}

TY - GEN

T1 - The MINESTRONE architecture combining static and dynamic analysis techniques for software security

AU - Keromytis, Angelos D.

AU - Stolfo, Salvatore J.

AU - Yang, Junfeng

AU - Stavrou, Angelos

AU - Ghosh, Anup

AU - Engler, Dawson

AU - Dacier, Marc

AU - Elder, Matthew

AU - Kienzle, Darrell

PY - 2011

Y1 - 2011

N2 - We present MINESTRONE, a novel architecture that integrates static analysis, dynamic confinement, and code diversification techniques to enable the identification, mitigation and containment of a large class of software vulnerabilities in third-party software. Our initial focus is on software written in C and C++; however, many of our techniques are equally applicable to binary-only environments (but are not always as efficient or as effective) and for vulnerabilities that are not specific to these languages. Our system seeks to enable the immediate deployment of new software (e.g., a new release of an open-source project) and the protection of already deployed (legacy) software by transparently inserting extensive security instrumentation, while leveraging concurrent program analysis, potentially aided by runtime data gleaned from profiling actual use of the software, to gradually reduce the performance cost of the instrumentation by allowing selective removal or refinement. Artificial diversification techniques are used both as confinement mechanisms and for fault-tolerance purposes. To minimize the performance impact, we are leveraging multicore hardware or (when unavailable) remote servers that enable quick identification of likely compromise. To cover the widest possible range of systems, we require no specific hardware or operating system features, although we intend to take advantage of such features where available to improve both runtime performance and vulnerability coverage.

AB - We present MINESTRONE, a novel architecture that integrates static analysis, dynamic confinement, and code diversification techniques to enable the identification, mitigation and containment of a large class of software vulnerabilities in third-party software. Our initial focus is on software written in C and C++; however, many of our techniques are equally applicable to binary-only environments (but are not always as efficient or as effective) and for vulnerabilities that are not specific to these languages. Our system seeks to enable the immediate deployment of new software (e.g., a new release of an open-source project) and the protection of already deployed (legacy) software by transparently inserting extensive security instrumentation, while leveraging concurrent program analysis, potentially aided by runtime data gleaned from profiling actual use of the software, to gradually reduce the performance cost of the instrumentation by allowing selective removal or refinement. Artificial diversification techniques are used both as confinement mechanisms and for fault-tolerance purposes. To minimize the performance impact, we are leveraging multicore hardware or (when unavailable) remote servers that enable quick identification of likely compromise. To cover the widest possible range of systems, we require no specific hardware or operating system features, although we intend to take advantage of such features where available to improve both runtime performance and vulnerability coverage.

UR - http://www.scopus.com/inward/record.url?scp=83755183629&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=83755183629&partnerID=8YFLogxK

U2 - 10.1109/SysSec.2011.33

DO - 10.1109/SysSec.2011.33

M3 - Conference contribution

SN - 9780769545301

SP - 53

EP - 56

BT - Proceedings - 1st SysSec Workshop, SysSec 2011

ER -