Code injection attacks on harvard-architecture devices

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2008, Pages 15-25

  Francillon, Aurélien ^a   Castelluccia, Claude ^a  

^a INRIA RHÔNE ALPES   (France)

Author keywords

Buffer overflow; Code injection attacks; Computer worms; Embedded devices; Gadgets; Harvard architecture; Return oriented programming; Wireless sensor networks

Indexed keywords

BUFFER OVERFLOW; CODE INJECTION ATTACKS; EMBEDDED DEVICES; GADGETS; HARVARD ARCHITECTURE; RETURN ORIENTED PROGRAMMING;

BUFFER STORAGE; COMPUTER ARCHITECTURE; COMPUTER SYSTEMS PROGRAMMING; COMPUTER WORMS; MICA; ROUTING PROTOCOLS; SENSOR NETWORKS; SILICATE MINERALS; WIRELESS TELECOMMUNICATION SYSTEMS;

WIRELESS SENSOR NETWORKS;

EID: 70349278622     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1455770.1455775     Document Type: Conference Paper

References (29)

1. Aleph One. Smashing the stack for fun and profit. Phrack Magazine 49(14), 1996. http://www.phrack.org/issues. html?issue=49.
2. AMD. AMD 64 and Enhanced Virus Protection.
3. ATMEL. Atmegal28(l) datasheet, doc2467: 8-bit microcontroller with 128k bytes in-system programmable flash.
4. K. Chang and K. Shin. Distributed authentication of program integrity verification in wireless sensor networks. ACM TISSEC, 11(3), 2008.
5. N. Cooprider, W. Archer, E. Eide, D. Gay, and J. Regehr. Efficient memory safety for tinyos. In SenSys, 2007.
6. C. Cowan, C. Pu, D. Maier, H. Hintony, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang. Stackguard: automatic adaptive detection and prevention of buffer-overflow attacks. In USENIX Security Symposium, 1998.
7. Crossbow technology inc. Micaz.
8. T. DeRaadt. Advances in OpenBSD. In CanSecWest, 2003.
9. P. Dutta, J. Hui, D. Chu, and D. Culler. Securing the deluge network programming system. IPSN, 2006.
10. T. Goodspeed. Exploiting wireless sensor networks over 802.15.4. In ToorCon 9, San Diego, 2007.
11. T. Goodspeed. Exploiting wireless sensor networks over 802.15.4. In Texas Instruments Developper Conference, 2008.
12. Q. Gu and R. Noorani. Towards self-propagate mal-packets in sensor networks. In WiSec. ACM, 2008.
13. J. A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson, W. Paul, J. A. Calandrino, A. J. Feldman, J. Appelbaum, and E. W. Felten. Least we remember: Cold boot attacks on encryption keys. In USENIX Security Symposium, 2008.
14. J. W. Hui and D. Culler. The dynamic behavior of a data dissemination protocol for network programming at scale. In SenSys, ACM, 2004.
15. IEEE. Wireless medium access control and physical layer specifications for low-rate wireless personal area networks. IEEE Standard, 802.15.4-2003.
16. C. Kil, J. Jun, C. Bookholt, J. Xu, and P. Ning. Address space layout permutation (aslp): Towards fine-grained randomization of commodity software. In ACSAC, 2006.
17. D. H. Kim, R. Gandhi, and P. Narasimhan. Exploring symmetric cryptography for secure network reprogramming. ICDCSW, 2007.
18. I. Krontiris and T. Dimitriou. Authenticated in-network programming for wireless sensor networks. In ADHOC-NOW, 2006.
19. P. Lanigan, R. Gandhi, and P. Narasimhan. Sluice: Secure dissemination of code updates in sensor networks. ICDCS, 2006.
20. G. Montenegro, N. Kushalnagar, J. Hui, and D. Culler. Transmission of ipv6 packets over ieee 802.15.4 networks (rfc 4944). Technical report, IETF, September 2007.
21. Riley, Jiang, and Xu. An architectural approach to preventing code injection attacks, dsn, 2007.
22. A. Seshadri, A. Perrig, L. van Doom, and P. K. Khosla. Swatt: Software-based attestation for embedded devices. In IEEE S&P, 2004.
23. H. Shacham. The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In CCS. ACM, 2007.
24. H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh. On the effectiveness of address-space randomization. In CCS. ACM, 2004.
25. Solar Designer, return-to-libc attack. Bugtraq mailing list, August 1997.
26. The PaX Team. Pax address space layout randomization (aslr). http://pax.grsecurity.net/docs/aslr.txt.
27. The PaX Team. Pax, 2003. http://pax.grsecurity.net.
28. B. L. Titzer, D. K. Lee, and J. Palsberg. Avrora: scalable sensor network simulation with precise timing. In IPSN, 2005.
29. Ubisec&sens european project. http://www.ist-ubisecsens.org/.