Costa, Castro, Zhou, Zhang, Peinado

Bouncer: Securing Software by Blocking Bad Input

Extension from Vigilante. (automatic worm signature generation) 
Used to detect bad inputs, aiming to find buffer overflow and other bad input attacks.

Generate filter when they find bad input attacks.  Perform symbolic analysis, slicing, etc to generalize attack from specific execution pattern. static + dynamic...

Goal is to prevent re-starting programs when they reach bad state by "bouncing" bad
input.

Idea/comments:
--------------
Where are you going to get the filters from?
Other input filtering mechanisms should be able to "bounce", so the throughput comparison is not comprehensive.