Defeating memory corruption attacks via pointer taintedness detection

Proceedings of the International Conference on Dependable Systems and Networks

Volumn , Issue , 2005, Pages 378-387

  Chen, Shuo ^a   Xu, Jun ^b   Nakka, Nithin ^a   Kalbarczyk, Zbigniew ^a   Iyer, Ravishankar K ^a  

^a UNIVERSITY OF ILLINOIS AT URBANA CHAMPAIGN   (United States)

^b North Carolina State University   (United States)

Author keywords

Attack; Hardware Design; Security; Taintedness; Vulnerability

Indexed keywords

MEMORY CORRUPTION ATTACKS; NON-CONTROL DATA ATTACKS; PROGRAM CONTROL DATA; PROGRAM EXECUTION;

COMPUTER NETWORKS; COMPUTER PROGRAMMING; CRYPTOGRAPHY; STORAGE ALLOCATION (COMPUTER);

SECURITY OF DATA;

EID: 27544498541     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (24)

1. Aleph One. "Smashing the Stack for Fun and Profit." Phrack Magazine, 49(7), Nov. 1996.
2. "PaX Address Space Layout Randomization (ASLR)." http://pax.grsecurity.net/docs/aslr.txt.
3. Anonymous. "Once upon a free()." Phrack Magazine. 57(9), Aug. 2001.
4. S. Bhatkar, D. DuVarney, and R. Sekar. "Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits." 12th USENIX Security Symposium. Washington, DC, August 2003.
5. A. Baratloo, T. Tsai, N. Singh. "Transparent Run-Time Defense Against Stack Smashing Attacks." Proc. USENIX Annual Technical Conference, June 2000.
6. th USENIX Security Symposium, Washington, DC, August 2001.
7. J. R. Crandall and F. T. Chong. Minos. "Control Data Attack Prevention Orthogonal to Memory Model." To appear in the 37th International Symposium on Microarchitecture. Portland, Oregon. December 2004.
8. CERT CC. http://www.cert.org.
9. B. Chess. "Improving Computer Security Using Extended Static Checking." IEEE Symposium on Security and Privacy, 2002.
10. th IFIP International Information Security Conference (SEC2004), Toulouse, France, August 23-26, 2004.
11. th USENIX Security Symposium, San Antonio, TX, January 1998.
12. D. Evans and D. Larochelle. "Improving Security Using Extensible Lightweight Static Analysis." In IEEE Software, Jan/Feb 2002.
13. Microsoft TechNet. "Changes to Functionality in Microsoft Windows XP Service Pack 2 (Part 3: Memory Protection Technologies)." http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2mempr.mspx.
14. "Wu-Ftpd Remote Format String Stack Overwrite Vulnerability." http://www.securityfocus.com/bid/1387
15. "Null HTTPd Remote Heap Overflow Vulnerability." http://www.securityfocus.com/bid/5774.
16. "Ghttpd Log() Function Buffer Overflow Vulnerability." http://www.securityfocus.com/bid/5960.
17. "LBNL Traceroute Heap Corruption Vulnerability." http://www.securityfocus.com/bid/1739,
18. G. Suh, J. Lee, and S. Devadas. "Secure Program Execution via Dynamic Information Flow Tracking." 11th International Conference on Architectural Support for Programming Languages and Operating Systems. Boston, Massachusetts. October 2004.
19. H. Shacham, M. Page, B. Pfaff, et al. "On the Effectiveness of Address Space Randomization." ACM Computer and Communications Security (CCS). Washington, DC. Oct. 2004.
20. D. Burger and T. Austin. The SimpleScalar Tool Set, Version 2.0.
21. th USENIX Security Symposium, 2001.
22. Tim Newsham. "Format String Attacks." http://muse.linuxmafia. org/lost+found/format-string-attacks.pdf.
23. D. Wagner, J. Foster, E. Brewer, and A. Aiken. "A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities." Network and Distributed System Security Symposium (NDSS2000).
24. J. Xu, Z. Kalbarczyk and R. K. Iyer. "Transparent Runtime Randomization for Security." Proc. of 22nd Symposium on Reliable and Distributed Systems (SRDS), Florence, Italy, Oct. 6-8, 2003.