Compiler assisted tracking of hacker assaults

William Mahoney

Research output: Contribution to conference › Paper › peer-review

2 Scopus citations

Abstract

An ever-growing number of cyber attacks are made via network connections on open source software written in C or C++. Such software includes the popular Apache web server, various DHCP servers, etc. These attacks take advantage of flaws inadvertently left in software systems due to a lack of complete testing. Public domain tools such as "gcov" allow a software engineer to assure that each line of code has been executed and tested. These tools operate in a "batch" mode, first collecting statistics, then later displaying the program coverage. This paper presents a new approach to software coverage: modifications have been made to the GCC compilers for C and C++, which allow for an execution-time monitoring facility. The program software is compiled with this "instrumentation". As the program executes, information is gathered concerning the execution of the source code. This information can be saved to a file for later processing (as in "gcov") or can be examined while the program executes. This "instrumenting compiler" is used for software which is run in a controlled environment as attacks are made. The call tree and execution trace of the software under test are examined as the hacker assault progresses. This paper outlines the techniques used to modify the internal representations of the GCC compilers to allow this instrumentation. The compiler uses an internal representation called RTX. Additional calls to the instrumentation functions are automatically generated in RTX prior to emitting assembly language output. The paper addresses the techniques for locating the instrumentation points, avoiding problems when software is compiled with optimization, and presents a sample case of open software being instrumented. The latter demonstrates the output formats and shows an example of an attack on an open source program.

Original language: English (US)
Pages: 143-151
Number of pages: 9
State: Published - 2006
Event: International Conference on i-Warfare and Security, ICIW 2006 - Eastern Shore, United States
Duration: Mar 15 2006 → Mar 16 2006

Conference

Conference: International Conference on i-Warfare and Security, ICIW 2006
Country/Territory: United States
City: Eastern Shore
Period: 3/15/06 → 3/16/06

Keywords

  • C
  • Compilation
  • Hacker
  • Instrumentation
  • Internal representation
  • Open source
  • RTX

ASJC Scopus subject areas

  • Information Systems
  • Safety, Risk, Reliability and Quality
