Address-space randomization for windows systems

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn , Issue , 2006, Pages 329-338

  Li, Lixin ^a   Just, James E ^a   Sekar, R ^b  

^a Global InfoTek Inc   (United States)

^b STONY BROOK UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ADDRESS-SPACE RANDOMIZATION; CORE SYSTEM SERVICES; MICROSOFT WINDOWS;

COMPUTER CRIME; DATA STORAGE EQUIPMENT; INTERNET; PERSONAL COMPUTERS; WEB BROWSERS;

WINDOWS OPERATING SYSTEM;

EID: 39049166231     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ACSAC.2006.10     Document Type: Conference Paper

References (24)

1. Arash Baratloo, Navjot Singh, and Timothy Tsai. Transparent run-time defense against stack smashing attacks. In USENIX Technical Conference, 2000.
2. Elena Gabriela Barrantes, David H. Ackley, Stephanie Forrest, Trek S. Palmer, Darko Stefanović, and Dino Dai Zovi. Randomized instruction set emulation to disrupt binary code injection attacks. In ACM Computer and Communications Security (CCS), 2003.
3. Sandeep Bhatkar, Daniel C. DuVarney, and R. Sekar. Address obfuscation: An efficient approach to combat a broad range of memory error exploits. In USENIX Security Symposium, 2003.
4. Sandeep Bhatkar, R. Sekar, and Daniel C. DuVarney. Efficient techniques for comprehensive protection from memory error exploits. In USENIX Security Symposium, 2005.
5. Tzi-cker Chiueh and Fu-Hau Hsu. RAD: A compiletime solution to buffer overflow attacks. In IEEE Int'l Conference on Distributed Computing Systems, 2001.
6. Crispin Cowan, Steve Beattie, John Johansen, and Perry Wagle. PointGuard: Protecting pointers from buffer overflow vulnerabilities. In USENIX Security Symposium, 2003.
7. Crispin Cowan et al. StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In USENIX Security Symposium, 1998.
8. Hiroaki Etoh and Kunikazu Yoda. Protecting from stack-smashing attacks. Published on World-Wide Web at URL http://www.trl.ibm.com/projects/security/ssp/ main.html, 2000.
9. Michael Howard. ASLR features in Windows Vista. Published on World-Wide Web at URL http://blogs.msdn.com/michael-howard/archive/2006/05/26/608315.aspx, 2006.
10. Trevor Jim, Greg Morrisett, Dan Grossman, Micheal Hicks, James Cheney, and Yanling Wang. Cyclone: a safe dialect of C. In USENIX Annual Technical Conference, 2002.
11. Robert W. M. Jones and Paul H. J. Kelly. Backwardscompatible bounds checking for arrays and pointers in C programs. In Third International Workshop on Automated Debugging, 1997.
12. Yariv Kaplan. API spying techniques for windows 9x, NT and 2000. Published on World-Wide Web at URL www.internals.com/articles/apispy/apispy.htm, 2000.
13. Gaurav S. Kc, Angelos D. Keromytis, and Vassilis Prevelakis. Countering code-injection attacks with instruction-set randomization. In ACM Computer and Communications Security (CCS), 2003.
14. Vladimir Kiriansky, Derek Bruening, and Saman Amarasinghe. Secure execution via program shepherding. In USENIX Security Symposium, 2002.
15. George C. Necula, Scott McPeak, and Westley Weimer. CCured: type-safe retrofitting of legacy code. In ACM Symposium on Principles of Programming Languages (POPL), 2002.
16. PaX. Published on World-Wide Web at URL http://pax.grsecurity.net, 2001.
17. Manish Prasad and Tzi cker Chiueh. A binary rewriting defense against stack-based buffer overflow attacks. In USENIX Annual Technical Conference, 2003.
18. Mark Russinovich and Bryce Cogswell. Windows NT system-call hooking. Dr. Dobb's Journal, Jan 1997.
19. Olatunji Ruwase and M. S. Lam. A practical dynamic buffer overflow detector. In Network and Distributed System Security Symposium, 2004.
20. Eugune Tsyrklevich. Ozone. Published on World-Wide Web http://www.blackhat.com/presentations/bh-usa-05Zbh-us-05-tsyrklevich.pdf, 2005.
21. WehnTrust. Published on World-Wide Web at URL http://www.wehnus.com/ products.pl, 2006.
22. windbg. Published on World-Wide Web at URL http://www.microsoft.com/whdc/ devtools/debugging/installx86.mspx, 2006.
23. Jun Xu, Zbigniew Kalbarczyk, and Ravishankar K. Iyer. Transparent runtime randomization for security. In Symposium on Reliable and Distributed Systems (SRDS), 2003.
24. Wei Xu, Daniel C. Duvarney, and R. Sekar. An efficient and backwards-compatible transformation to ensure memory safety of C programs. In ACM SIGSOFT International Symposium on the Foundations of Software Engineering, 2004.