Full Disclosure mailing list archives

RE: EFC Released
From: "Rainer Gerhards" <rgerhards () hq adiscon com>
Date: Thu, 4 Mar 2004 15:12:10 +0100

There has already been a lot of discussion on this concept on this list
(see archives). A major shortcoming of this concept is that some program
code may only very seldom be executed (error/exception handlers). As
such, a program may be killed just because it is gracefully handling an
exceptional situation...


-----Original Message-----
From: Timothy Demulder [mailto:timothy.demulder () tiscali be] 
Sent: Thursday, March 04, 2004 9:45 AM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] EFC Released

On Thu, 04 Mar 2004 11:17:20 +0530
Balwinder Singh <balwinder () gmx net> wrote:

Dear All,

Execution Flow Control (EFC) is available for download at

What is EFC?

EFC monitors the execution of a program by observing system calls made
by the program. EFC generates a database for each program its behavioral model.
The moment request for execution of a program is
made, kernel also loads program's behavioral model into the memory.
Each request by a program is compared with model data base, if request
agrees with model it is permitted else program is killed.

EFC is a kernel module, and works on Linux only.



Seems very interesting, but how does it affect performance/stability of
the system/kernel?



Absolutely nothing should be concluded from these figures except that
no conclusion can be drawn from them.
        -- Joseph L. Brothers, Linux/PowerPC Project)

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
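
The shortcoming raised in the reply above, shown as an added example (not part of the original messages and not EFC's code). It assumes a simplified behavioral model, the set of consecutive system-call pairs seen during training, and all traces are constructed sample data.

```python
"""Syscall-model enforcement and the rarely-executed-handler false positive."""

START = "<start>"  # sentinel placed before the first call of every trace


def build_model(traces):
    """Record every (previous, current) syscall pair observed in training."""
    model = set()
    for trace in traces:
        prev = START
        for call in trace:
            model.add((prev, call))
            prev = call
    return model


def first_violation(model, trace):
    """Return the index of the first call the model does not allow, or None.

    An enforcing monitor would kill the program at that index.
    """
    prev = START
    for i, call in enumerate(trace):
        if (prev, call) not in model:
            return i
        prev = call
    return None


# Constructed training traces: only the common, successful runs were observed.
NORMAL_RUNS = [
    ["open", "read", "write", "close", "exit_group"],
    ["open", "read", "read", "write", "close", "exit_group"],
]
# Constructed rare but legitimate path: open() fails, the program writes an
# error message and exits cleanly. It never occurred during training.
ERROR_PATH = ["open", "write", "exit_group"]
# Constructed trace that deviates from anything the program normally does.
DEVIATING = ["open", "read", "execve"]

if __name__ == "__main__":
    model = build_model(NORMAL_RUNS)
    print("error handler blocked at call", first_violation(model, ERROR_PATH))
    print("deviating run blocked at call", first_violation(model, DEVIATING))
    # Training that also exercises the error handler removes the false
    # positive while the deviating trace is still rejected.
    model = build_model(NORMAL_RUNS + [ERROR_PATH])
    print("after retraining:", first_violation(model, ERROR_PATH),
          first_violation(model, DEVIATING))
```
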
