Countering code-injection attacks with instruction-set randomization

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2003, Pages 272-280

  Kc, Gaurav S ^a   Keromytis, Angelos D ^a   Prevelakis, Vassilis ^b  

^a Columbia University ^*  (United States)

^b Drexel University   (United States)

Author keywords

Buffer Overflows; Emulators; Interpreters

Indexed keywords

ALGORITHMS; BINARY CODES; BUFFER STORAGE; COMPUTER HARDWARE; COMPUTER PROGRAMMING LANGUAGES; PROGRAM INTERPRETERS; SOFTWARE PROTOTYPING;

BUFFER OVERFLOW; CODE-INJECTION ATTACKS; EMULATORS; INSTRUCTION-SET RANDOMIZATION; INTERPRETERS;

SECURITY OF DATA;

EID: 14844317200     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/948143.948146     Document Type: Conference Paper

References (63)

1. Bochs Emulator Web Page. http://bochs.sourceforge.net/.
2. The Perltidy Home Page. http://perltidy.sourceforge.net/.
3. Trusted Computing Platform Alliance. http://www.trustedcomputing.org/.
4. CERT Advisory CA-2001-19: 'Code Red' Worm Exploiting Buffer Overflow in US Indexing Service DLL. http://www.cert.org/advisories/CA-2001-19.html, July 2001.
5. CERT Advisory CA-2001-33: Multiple Vulnerabilities in WU-FTPD. http://www.cert.org/advisories/CA-2001-33.html, November 2001.
6. CERT Advisory CA-2002-12: Format String Vulnerability in ISC DHCPD. http://www.cert.org/advisories/CA-2002-12.html, May 2002.
7. CERT Vulnerability Note VU#282403. http://www.kb.cert.org/vuls/id/282403, September 2002.
8. CERT Vulnerability Note VU#496064. http://www.kb.cert.org/vuls/id/496064, April 2002.
9. Cert Advisory CA-2003-04: MS-SQL Server Worm. http://www.cert.org/ advisories/CA-2003-04.html, January 2003.
10. The Spread of the Sapphire/Slammer Worm. http://www.silicondefense.com/ research/worms/slammer.php, February 2003.
11. A. Acharya and M. Raje. Mapbox: Using parameterized behavior classes to confine applications. In Proceedings of the 9th USENIX Security Symposium, pages 1-17, August 2000.
12. Aleph One. Smashing the stack for fun and profit. Phrack, 7(49), 1996.
13. A. Alexandrov, P. Kmiec, and K. Schauser. Consh: A confined execution environment for internet computations, December 1998.
14. V. Anupam and A. Mayer. Security of Web Browser Scripting Languages: Vulnerabilities, Attacks, and Remedies. In Proceedings of the 7th USENIX Security Symposium, pages 187-200, January 1998.
15. R. Balzer and N. Goldman. Mediating connectors: A non-bypassable process wrapping technology. In Proceeding of the 19th IEEE International Conference on Distributed Computing Systems, June 1999.
16. A. Baratloo, N. Singh, and T. Tsai. Transparent run-time defense against stack smashing attacks. In Proceedings of the USENIX Annual Technical Conference, June 2000.
17. A. Berman, V. Bourassa, and E. Selberg. TRON: Process-Specific File Protection for the UNIX Operating System. In Proceedings of the USENIX Technical Conference, January 1995.
18. S. Bhatkar, D. C. DuVarney, and R. Sekar. Address Obfuscation: an Efficient Approach to Combat a Broad Range of Memory Error Exploits. In Proceedings of the 12th USENIX Security Symposium, pages 105-120, August 2003.
19. Bulba and Kil3r. Bypassing StackGuard and StackShield. Phrack, 5(56), May 2000.
20. H. Chen and D. Wagner. MOPS: an Infrastructure for Examining Security Properties of Software. In Proceedings of the ACM Computer and Communications Security (CCS) Conference, pages 235-244, November 2002.
21. C. Cowan, M. Barringer, S. Beattie, and G. Kroah-Hartman. FormatGuard: Automatic Protection From printf Format String Vulnerabilities. In Proceedings of the 10th USENIX Security Symposium, pages 191-199, August 2001.
22. C. Cowan, S. Beattie, J. Johansen, and P. Wagle. PointGuard: Protecting Pointers From Buffer Overflow Vulnerabilities. In Proceedings of the 12th USENIX Security Symposium, pages 91-104, August 2003.
23. C. Cowan, S. Beattie, C. Pu, P. Wagle, and V. Gligor. SubDomain: Parsimonious Security for Server Appliances. In Proceedings of the 14th USENIX System Administration Conference (LISA 2000), March 2000.
24. C. Cowan, C. Pu, D. Maier, H. Hinton, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang. Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proceedings of the 7th USENIX Security Symposium, Jan. 1998.
25. G. W. Dunlap, S. T. King, S. Cinar, M. A. Basrai, and P. M. Chen. ReVirt: Enabling Intrusion Analysis through Virtual-Machine Logging and Replay. In Proceedings of the 5th Symposium on Operating Systems Design and Implementation (OSDI), December 2002.
26. J. Etoh. GCC extension for protecting applications from stack-smashing attacks, http://www.trl.ibm.com/projects/security/ssp/, June 2000.
27. J. Foster, M. Faḧndrich, and A. Aiken. A theory of type qualifiers. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), May 1999.
28. M. Frantzen and M. Shuey. StackGhost: Hardware facilitated stack protection. In Proceedings of the 10th USENIX Security Symposium, pages 55-66, August 2001.
29. T. Fraser, L. Badger, and M. Feldman. Hardening COTS Software with Generic Software Wrappers. In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 1999.
30. T. Garfinkel. Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools. In Proceedings of the Symposium on Network and Distributed Systems Security (SNDSS), pages 163-176, February 2003.
31. T. Garfinkel and M. Rosenblum. A Virtual Machine Introspection Based Architecture for Intrusion Detection. In Proceedings of the Symposium on Network and Distributed Systems Security (SNDSS), pages 191-206, February 2003.
32. D. P. Ghormley, D. Petrou, S. H. Rodrigues, and T. E. Anderson. SLIC: An Extensibility System for Commodity Operating Systems. In Proceedings of the 1998 USENIX Annual Technical Conference, pages 39-52, June 1998.
33. I. Goldberg, D. Wagner, R. Thomas, and E. A. Brewer. A Secure Environment for Untrusted Helper Applications. In Procedings of the 1996 USENIX Annual Technical Conference, 1996.
34. T. Jim, G. Morrisett, D. Grossman, M. Hicks, J. Cheney, and Y. Wang. Cyclone: A safe dialect of C. In Proceedings of the USENIX Annual Technical Conference, pages 275-288, Monterey, California, June 2002.
35. R. W. M. Jones and P. H. J. Kelly. Backwards-compatible bounds checking for arrays and pointers in C programs. In 3rd International Workshop on Automated Debugging, 1997.
36. A. D. Keromytis, J. L. Wright, and T. de Raadt. The Design of the OpenBSD Cryptographic Framework. In Proceedings of the USENIX Annual Technical Conference, June 2003.
37. V. Kiriansky, D. Bruening, and S. Amarasinghe. Secure execution via program shepherding. In Proceedings of the 11th USENIX Security Symposium, pages 191-205, August 2002.
38. D. Larochelle and D. Evans. Statically Detecting Likely Buffer Overflow Vulnerabilities. In Proceedings of the 10th USENIX Security Symposium, pages 177-190, August 2001.
39. E. Larson and T. Austin. High Coverage Detection of Input-Related Security Faults. In Proceedings of the 12th USENIX Security Symposium, pages 121-136, August 2003.
40. K. Lhee and S. J. Chapin. Type-assisted dynamic buffer overflow detection. In Proceedings of the 11th USENIX Security Symposium, pages 81-90, August 2002.
41. P. Loscocco and S. Smalley. Integrating Flexible Support for Security Policies into the Linux Operating System. In Proceedings of the USENIX Annual Technical Conference, Freenix Track, pages 29-40, June 2001.
42. M. Conover and w00w00 Security Team. w00w00 on heap overflows, http://www.w00w00.org/files/articles/heaptut.txt, January 1999.
43. T. C. Miller and T. de Raadt. strlcpy and strlcat: Consistent, Safe, String Copy and Concatentation. In Proceedings of the USENIX Technical Conference, Freenix Track, June 1999.
44. T. Mitchem, R. Lu, and R. O'Brien. Using Kernel Hypervisors to Secure Applications. In Proceedings of the Annual Computer Security Applications Conference, December 1997.
45. D. Moore, C. Shanning, and K. Claffy. Code-Red: a case study on the spread and victims of an Internet worm. In Proceedings of the 2nd Internet Measurement Workshop (IMW), pages 273-284, November 2002.
46. National Bureau of Standards. Data Encryption Standard, January 1977. FIPS-46.
47. G. C. Necula, S. McPeak, and W. Weimer. CCured: Type-Safe Retrofitting of Legacy Code. In Proceedings of the Principles of Programming Languages (PoPL), January 2002.
48. D. S. Peterson, M. Bishop, and R. Pandey. A Flexible Containment Mechanism for Executing Untrusted Code. In Proceedings of the 11th USENIX Security Symposium, pages 207-225, August 2002.
49. M. Prasad and T. Chiueh. A Binary Rewriting Defense Against Stack-based Buffer Overflow Attacks. In Proceedings of the USENIX Annual Technical Conference, pages 211-224, June 2003.
50. V. Prevelakis and A. D. Keromytis. Drop-in Security for Distributed and Portable Computing Elements. Internet Research: Electronic Networking, Applications and Policy, 13(2), 2003.
51. V. Prevelakis and D. Spinellis. Sandboxing Applications. In Proceedings of the USENIX Technical Annual Conference, Freenix Track, pages 119-126, June 2001.
52. N. Provos. Improving Host Security with System Call Policies. In Proceedings of the 12th USENIX Security Symposium, pages 257-272, August 2003.
53. U. Shankar, K. Talwar, J. S. Foster, and D. Wagner. Detecting Format String Vulnerabilities with Type Qualifiers. In Proceedings of the 10th USENIX Security Symposium, pages 201-216, August 2001.
54. E. H. Spafford. The Internet Worm Program: An Analysis. Technical Report Technical Report CSD-TR-823, Purdue University, West Lafayette, IN 47907-2004, 1988.
55. Technology Quarterly. Bespoke chips for the common man. The Economist, pages 29-30, 14-20 December 2002.
56. Tool Interface Standards Committee. Executable and Linking Format (ELF) specification, May 1995.
57. Vendicator. Stack shield. http://www.angelfire.com/sk/stackshield/.
58. D. Wagner, J. S. Foster, E. A. Brewer, and A. Aiken. A First Step towards Automated Detection of Buffer Overrun Vulnerabilities. In Proceedings of the ISOC Symposium on Network and Distributed System Security (SNDSS), pages 3-17, February 2000.
59. K. M. Walker, D. F. Stern, L. Badger, K. A. Oosendorp, M. J. Petkac, and D. L. Sherman. Confining root programs with domain and type enforcement. In Proceedings of the USENIX Security Symposium, pages 21-36, July 1996.
60. R. N. M. Watson. TrustedBSD: Adding Trusted Operating System Features to FreeBSD. In Proceedings of the USENIX Annual Technical Conference, Freenix Track, pages 15-28, June 2001.
61. A. Whitaker, M. Shaw, and S. D. Gribble. Scale and Performance in the Denali Isolation Kernel. In Proceedings of the Fifth Symposium on Operating Systems Design and Implementation (OSDI), December 2002.
62. J. Wilander and M. Kamkar. A Comparison of Publicly Available Tools for Dynamic Intrusion Prevention. In Proceedings of the Symposium on Network and Distributed Systems Security (SNDSS), pages 123-130, February 2003.
63. C. C. Zou, W. Gong, and D. Towsley. Code Red Worm Propagation Modeling and Analysis. In Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS), pages 138-147, November 2002.