Abstract: Methods and systems are described for detecting command injection attacks. A positive, taint inference method includes receiving signature fragments on one hand, converting command injection instructions into command fragments on another hand, thus identifying potential attacks upon the condition that a command injection instruction includes critical untrusted parts by using signature fragments. A system detects command injection attacks using this kind of method, and remediates and rejects potential attacks.

Abstract: Methods and systems are described for detecting command injection attacks. A positive, taint inference method includes receiving signature fragments on one hand, converting command injection instructions into command fragments on another hand, thus identifying potential attacks upon the condition that a command injection instruction includes critical untrusted parts by using signature fragments. A system detects command injection attacks using this kind of method, and remediates and rejects potential attacks.

Abstract: Systems and methods for relocating executable instructions to arbitrary locations are described, in which the relocation of the instructions may be arbitrary or random, and may operate on groups of instructions or individual instructions. Such relocation may be achieved through hardware or software, and may use a virtual machine, software dynamic translators, interpreters, or emulators. Instruction relocation may use or produce a specification governing how to relocate the desired instructions. Randomizing the location of instructions provides defenses against a variety of security attacks. Such systems and methods may provide many advantages over other instruction relocation techniques, such as low runtime overhead, no required user interaction, applicability post-deployment, and the ability to operate on arbitrary executable programs.

Abstract: Methods and systems are described for detecting command injection attacks. A positive, taint inference method includes receiving signature fragments on one hand, converting command injection instructions into command fragments on another hand, thus identifying potential attacks upon the condition that a command injection instruction includes critical untrusted parts by using signature fragments. A system detects command injection attacks using this kind of method, and remediates and rejects potential attacks.

Abstract: Methods and systems are described for detecting command injection attacks. A positive, taint inference method includes receiving signature fragments on one hand, converting command injection instructions into command fragments on another hand, thus identifying potential attacks upon the condition that a command injection instruction includes critical untrusted parts by using signature fragments. A system detects command injection attacks using this kind of method, and remediates and rejects potential attacks.

Abstract: A method and system for relocating executable instructions to arbitrary locations are disclosed. The instruction relocation may be arbitrary or random, and may operate on groups of instructions or individual instructions. Such relocation may be achieved through hardware or software, and may use a virtual machine, software dynamic translators, interpreters, or emulators. Instruction relocation may use or produce a specification governing how to relocate the desired instructions. Randomizing the location of instructions provides defenses against a variety of security attacks. The disclosed embodiments provide many advantages over other instruction relocation techniques, such as low runtime overhead, no required user interaction, applicability post-deployment, and the ability to operate on arbitrary executable programs.