This research confirms the possibility of using system-call interception as the basis for application-specific behavioral specifications that enhance application security in the absence of source code. Besides, developing application-specific behavioral specifications is a complex task requiring a skilled, security-aware programmer. Their specification language simplifies the implementation aspects of this task by providing abstractions tailored for event-based programming. However, given the ever-increasing number of vulnerable applications, the scalability of application-specific defenses is questionable.