Conference Proceeding

NEST: NEtwork Server Tool

Dept. of Comput. Sci., Calgary Univ., Alta.
11/2005; DOI:10.1109/APCC.2005.1554236 In proceeding of: Communications, 2005 Asia-Pacific Conference on
Source: IEEE Xplore

ABSTRACT NEST (network server tool) can be used to automatically generate code infrastructure for TCP-based network servers. It uses a specification language to describe client-server interaction and state transitions within the server. This specification language has some similarities to the compiler tools Lex and Yacc, and its design makes network server specification straightforward. One of the main features of NEST is that it can generate three different types of server from the same basic specification: process-based, threaded, and event-driven. Our performance results show that we can produce server code for all three models which is competitive with established, highly-tuned servers.

  • Proceedings of the FREENIX Track: 2003 USENIX Annual Technical Conference, June 9-14, 2003, San Antonio, Texas, USA; 01/2003
    ABSTRACT: Attacks which exploit memory programming errors (such as buffer overflows) are one of today's most serious security threats. These attacks require an attacker to have an in-depth understanding of the internal details of a victim program, including the locations of critical data and/or code. Program obfuscation is a general technique for securing programs by making it difficult for attackers to acquire such a detailed understanding. This paper develops a systematic study of a particular kind of obfuscation called address obfuscation that randomizes the location of victim program data and code. We discuss different implementation strategies to randomize the absolute locations of data and code, as well as relative distances between data locations. We then present our implementation that transforms object files and executables at link-time and load-time. It requires no changes to the OS kernel or compilers, and can be applied to individual applications without affecting the rest of the system. It can be implemented with low runtime overheads. Address obfuscation can reduce the probability of successful attacks to be as low as a small fraction of a percent for most memory-error related attacks. Moreover, the randomization ensures that an attack that succeeds against one victim will likely not succeed against another victim, or even for a second time against the same victim. Each failed attempt will typically crash the victim program, thereby making it easy to detect attack attempts. These aspects make it particularly effective against large-scale attacks such as Code Red, since each infection attempt requires significantly more resources, thereby slowing down the propagation rate of such attacks.
  • ABSTRACT: This paper was the result of a collaboration between several organizations. Many individuals made significant contributions to the project. Rather than running the risk of omission, we will refrain from listing them all here. A smaller and more manageable number of people offered valuable insights and advice leading to this paper. For this we gratefully thank Jackie Antis, Michael Benedikt, Jon Bentley, Tim Griffin, John Meale, John Pyrce, Eric Sumner Jr., and Dave Weiss.

