SecuriFly

Benjamin Livshits Michael Martin Monica S. Lam

2006

Publication year

Stanford University

Venue

Peer-reviewed

Type

§ Abstract

Summary

This reports presents a runtime solution to a range of Web application security vulnerabilities. The solution we proposes called SecuriFly consists of instrumenting the application to precisely track the flow of data. When a potential vulnerability is observed, the application is either terminated to prevent the vulnerability from being exploited or special recovery code is executed and the application is allowed to continue on running. We have used SecuriFly to harden and experiment with a range of large open-source benchmarks written in Java. Protection provided by SecuriFly was sufficient to protect against all exploits we were able to generate.

Cite this paper — BibTeX

@TechReport{livshits06securifly_tr,
  author = "Benjamin Livshits and Michael Martin and Monica S. Lam",
  title = "{SecuriFly}: Runtime Protection and Recovery from {W}eb Application Vulnerabilities",
  month = sep,
  year = "2006",
  institution = "Stanford University",
}