Research


Research in the IORTA program is performed through internally funded research and development, externally funded research, and collaborations with other Sandia programs, government agencies, industry, and universities. IORTA also performs research and educational activities within Sandia's College Cyber Defender Program in New Mexico.

Security Applications of Dynamic Binary Translation - Dino Dai Zovi
- December 2002
Over the last 13 years, a large number of serious computer security vulnerabilities have been buffer overflow and format string vulnerabilities in widely used software applications. A number of Internet worms have exploited these vulnerabilities to infect target hosts. The first part of this work introduces a framework for understanding and describing attacks that dynamically inject machine code into a process and the vulnerabilities that enable these attacks. The techniques used in these attacks are described in detail. The second part of this work describes the application of dynamic binary translation, previously a technique primarily for dynamic optimization, to stopping and mitigating these sorts of attacks. The implementations of several known techniques using a dynamic binary translation system are described in detail. Finally, some conclusions about the applicability of dynamic binary translation to computer security are made.

 
Network Security Mechanisms Utilizing Dynamic Network Address Translation - CHUA, Kuan Seah; Erik Lee; John Michalski; Carrie Price; Eric Stanton; TAN, Chung Pheng; WONG, Yip Heng
- November 2002
A new protocol technology is just starting to emerge from the laboratory environment. Its stated purpose is to provide an additional means by which networks, and the services that reside on them, can be protected from adversarial compromise. This report has a two-fold objective. The first is to provide the reader with an overview of this emerging Dynamic Defenses technology using Dynamic Network Address Translation (Dynat). This “structure overview” is concentrated in the body of the report, and describes the important attributes of the technology. The second objective is to provide a framework that can be used to help in the classification and assessment of the different types of dynamic defense technologies, along with some related capabilities and limitations.
