Making (Only) the Right Calls: Preventing Remote Code Execution Attacks in PHP Applications with Contextual, State-Sensitive System Call Filtering

Yunsen Lei; Craig A. Shue

Making (Only) the Right Calls: Preventing Remote Code Execution Attacks in PHP Applications with Contextual, State-Sensitive System Call Filtering

Yunsen Lei, Craig A. Shue

Published: 01 Jan 2025, Last Modified: 18 Jul 2025DIMVA (1) 2025EveryoneRevisionsBibTeXCC BY-SA 4.0

Abstract: PHP powers over 76% of websites worldwide, making security vulnerabilities in its applications particularly damaging. Unfortunately, such defects remain common: in 2021, nine of the top 15 most-exploited vulnerabilities identified by CISA involved remote code execution (RCE). Prior research has attempted to contain RCE through system call filtering (e.g., via seccomp), but these efforts are typically coarse-grained. They allow all system calls that could potentially be invoked anywhere in the application, providing attackers substantial opportunities for exploit.

Loading