Address-space layout randomization using code islands

Journal of Computer Security

Volumn 17, Issue 3, 2009, Pages 331-362

  Xu, Haizhi ^a,b   Chapin, Steve J ^a  

^a Syracuse University   (United States)

^b MICROSOFT   (United States)

Author keywords

Address space layout randomization (ASLR); Buffer overflow; Code island; Dynamic loader; Return into lib(c) attacks

Indexed keywords

ADDRESS SPACE; ADDRESS-SPACE LAYOUT RANDOMIZATION (ASLR); BRUTE-FORCE ATTACK; BUFFER OVERFLOW; C-SYSTEMS; CODE BLOCKS; CODE ISLAND; CODE TRANSFORMATION; DEDICATED SERVERS; ISLAND CONTROL; KEY COMPONENT; LIBRARY FUNCTIONS; MEMORY LOCATIONS; MEMORY MAPPING; MULTIPLE TARGETS; PROCESS LAYOUT; RETURN-INTO-LIB(C) ATTACKS; RUNTIMES; TARGET FUNCTIONS;

BUFFER STORAGE; COSINE TRANSFORMS; LOADERS; TARGETS;

LOCATION;

EID: 68149145720     PISSN: 0926227X     EISSN: None     Source Type: Journal    
DOI: 10.3233/JCS-2009-0322     Document Type: Article

References (24)

1. Aleph One, Smashing the stack for fun and profit, www.Phrack.org 7(49) (1996), file no. 14.
2. E.G. Barrantes, D.H. Ackley, S. Forrest, T.S. Palmer, D. Stefanovic and D.D. Zovi, Randomized instruction set emulation to disrupt binary code injection attacks, in: Proceedings of the 10th ACM Conference On Computer And Communication Security, Washington, DC, USA, October 2003.
3. M. Bernaschi, E. Gabrielli and L.V. Mancini, Enhancements to the linux kernel for blocking buffer overflow based attacks, in: 4th Linux Showcase & Conference, Atlanta, GA, USA, October 2000.
4. S. Bhatkar, D.C. DuVarney and R. Sekar, Address obfuscation: An efficient approach to combat a broad range of memory error exploits, in: Proceedings of the 12th USENIX Security Symposium, Washington, DC, USA, August 2003.
5. S. Bhatkar, R. Sekar and D.C. DuVarney, Efficient techniques for comprehensive protection from memory error exploits. in: Proceedings of the 14th USENIX Security Symposium, Baltimore, MD, USA, August 2005.
6. C. Cowan, S. Beattie, J. Johansen and P. Wagle, Pointguard: Protecting pointers from buffer overflow vulnerabilities, in: Proceedings of the 12th USENIX Security Symposium, Washington, DC, USA, August 2003.
7. U. Drepper, How to write shared libraries, January 2005; http://people.redhat.com/drepper/ dsohowto.pdf.
8. T. Durden, Bypassing PaX ASLR protection, www.Phrack.org 11(59) (2002), file no. 9.
9. eEye Digital Security, Microsoft Internet Information Services Remote Buffer Overflow (SYSTEM Level Access), June 2001; http://www.eeye.com/html/ Research/Advisories/AD20010618.html.
10. eEye Digital Security, ANALYSIS: .ida "Code Red" Worm, July 2001; http://www.eeye.com/html/ research/advisories/AL20010717.html.
11. S. Forrest, S.A. Hofmeyr, A. Somayaji and T.A. Longstaff, A sense of self for unix processes, in: Proceedings of the 1996 IEEE Symposium on Security and Privacy, Oakland, CA, USA, 1996.
12. G.S. Kc, A.D. Keromytis and V. Prevelakis, Countering code-injection attacks with instruction-set randomization, in: Proceedings of the 10th ACM Conference On Computer And Communication Security, Washington, DC, USA, October 2003.
13. Z. Liang and R. Sekar, Automated, sub-second attack signature generation: A basis for building self-protecting servers, Technical report, Department of Computer Science, Stony Brook University, May 2005.
14. Z. Liang and R. Sekar, Fast and automated generation of attack signatures: A basis for building self-protecting servers, in: Proceedings of the 12th ACM Conference on Computer and Communications Security, Alexandria, VA, USA, November 2005.
15. Nergal, The advanced return-into-lib(c) exploits, www.Phrack.org 11(58) (2001), file no. 4.
16. Openwall, Segvguard; ftp://ftp.pl.openwall.com/misc/segvguard/.
17. W. Purczynski, kNoX - implementation of non-executable page protection mechanism, May 2003; http://www.opennet.ru/prog/info/1769.shtml.
18. H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu and D. Boneh, On the effectiveness of address space randomization, in: Proceedings of the 11th ACM Conference On Computer And Communication Security, Washington, DC, USA, October 2004.
19. Solar Designer, Non-executable user stack, http://www.openwall.com/linux/ , 1997.
20. N. Sovarel, D. Evans and N. Paul, Where's the FEEB? The effectiveness of instruction set randomization, in: Proceedings of the 14th USENIX Security Symposium, Baltimore, MD, USA, August 2005.
21. The Pax team, PaX address space layout randomization (ASLR), http://pax.grsecurity.net/docs/ aslr.txt, 2003.
22. D. Wagner and P. Soto, Mimicry attacks on host-based intrusion detection systems, in: Proceedings of the 9th ACM Conference On Computer And Communication Security, Washington, DC, USA, November 2002.
23. J. Xu, Z. Kalbarczyk and R.K. Iyer, Transparent runtime randomization for security, in: Proceedings of the 22nd Symposium on Reliable and Distributed Systems (SRDS), Florence, Italy, October 2003.
24. J. Xu, P. Ning, C. Kil, Y. Zhai and C. Bookholt, Automatic diagnosis and response to memory corruption vulnerabilities, in: Proceedings of the 12th ACM Conference on Computer and Communications Security, Alexandria, VA, USA, November 2005.