Multi-variant program execution: Using multi-core systems to defuse buffer-overflow vulnerabilities

Proceedings - CISIS 2008: 2nd International Conference on Complex, Intelligent and Software Intensive Systems

Volumn , Issue , 2008, Pages 843-848

  Salamat, Babak ^a   Gal, Andreas ^a   Todd Manivannan, Jackson Karthikeyan ^a   Wagner, Gregor ^a   Franz, Michael ^a  

^a Irvine   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

BUFFER STORAGE; CODES (SYMBOLS); DIESEL ENGINES; LINGUISTICS; MICROPROCESSOR CHIPS; WEB SERVICES;

APACHE WEB SERVER; ATTACK VECTOR; BUFFER OVERFLOW DETECTION; BUFFER OVERFLOWS; CODE REVIEW; INTERNATIONAL CONFERENCES; MICROSOFT; MULTI CORES; PARALLEL EXECUTIONS; PROGRAM EXECUTIONS; PROTOTYPE IMPLEMENTATIONS; RUN-TIME; SOFTWARE VENDORS; SOFTWARE-INTENSIVE SYSTEMS; THROUGH CURRENT; TYPE-SAFE LANGUAGES;

INTELLIGENT SYSTEMS;

EID: 53149125681     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CISIS.2008.136     Document Type: Conference Paper

References (21)

1. J. Avariento. Exploit for apache mod_rewrite off-by-one, August 2006.
2. E. G. Barrantes, D. H. Ackley, S. Forrest, and D. Stefanović. Randomized instruction set emulation. ACM Trans. Inf. Syst. Secur., 8(1):3-40, 2005.
3. E. D. Berger and B. G. Zorn. Diehard: probabilistic memory safety for unsafe languages. In PLDI '06: Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation, pages 158-168, New York, NY, USA, 2006. ACM Press.
4. Bulba and Kil3r. Bypassing stackguard and stackshield. Phrack Magazine, 0xA(0x38), May 2000.
5. T. cker Chiueh and F.-H. Hsu. Rad: A compile-time solution to buffer overflow attacks, icdcs, 00:0409, 2001.
6. C. Cowan, C. Pu, D. Maier, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, and H. Hinton. Stack-Guard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proc. 7th USENIX Security Conference, pages 63-78, San Antonio, Texas, jan 1998.
7. B. Cox, D. Evans, A. Filipi, J. Rowanhill, W. Hu, J. Davidson, J. Knight, A. Nguyen-Tuong, and J. Hiser. N-variant systems: a secretless framework for security through diversity. In USENIX-SS'06: Proceedings of the 15th conference on USENIX Security Symposium, pages 8-8, Berkeley, CA, USA, 2006. USENIX Association.
8. J. R. Crandall and F. T. Chong. Minos: Control data attack prevention orthogonal to memory model. In MICRO 37: Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture, pages 221-232, Washington, DC, USA, 2004. IEEE Computer Society.
9. M. Dowd. Apache mod_rewrite off-by-one buffer overflow vulnerability, July 2006.
10. M. Frantzen and M. Shuey. Stackghost: Hardware facilitated stack protection. In SSYM'01: Proceedings of the 10th conference on USENIX Security Symposium, pages 5-5, Berkeley, CA, USA, 2001. USENIX Association.
11. National Institute of Standards and Technologies. National Vulnerability Database, http://nvd.nist.gov.
12. Nergal. The advanced return-into-lib(c) exploits: Pax case study. Phrack Magazine, 0xB(0x3A), December 2001.
13. Y.-J. Park, Z. Zhang, and G. Lee. Microarchitectural protection against stack-based buffer overflow attacks. IEEE Micro, 26(4):62-71, 2006.
14. PaX. http://pax.grsecurity.net.
15. scut / team teso. Exploiting format string vulnerabilities, March 2001.
16. Solar Designer. Non-executable user stack, http://www.openwall.com.
17. A. N. Sovarel, D. Evans, and N. Paul. Where's the feeb? the effectiveness of instruction set randomization. In SSYM'05: Proceedings of the 14th conference on USENIX Security Symposium, Berkeley, CA, USA, 2005. USENIX Association.
18. Standard Performance Evaluation Corporation (SPEC). http://www.spec.org.
19. G. E. Suh, J. W. Lee, D. Zhang, and S. Devadas. Secure program execution via dynamic information flow tracking. In ASPLOS-XI: Proceedings of the 11th International Conference on Architectural Support for Programming Languages and Operating Systems, pages 85-96, New York, NY, USA, 2004. ACM Press.
20. Vendicator. Stackshield: A "stack smashing" technique protection tool for linux. http://www.angelfire.com/sk/stackshield/, 2000.
21. D. Ye and D. Kaeli. A reliable return address stack: microarchitectural features to defeat stack smashing. SIGARCH Computer Architecture News, 33(1):73-80, 2005.