Install-time vaccination of windows executables to defend against stack smashing attacks

IFIP Advances in Information and Communication Technology

Volumn 147, Issue , 2004, Pages 225-240

  Nebenzahl, Danny ^a   Wool, Avishai ^a  

^a TEL AVIV UNIVERSITY   (Israel)

Author keywords

Buffer overflow; Computer security; Malware; Microsoft windows operating system

Indexed keywords

BENCHMARKING; MALWARE; SECURITY OF DATA;

BUFFER OVERFLOWS; DEFENSE TECHNIQUES; EXECUTABLES; MICROSOFT WINDOWS; MICROSOFT WINDOWS SYSTEMS; MULTI- THREADED APPLICATIONS; MULTI-THREADED APPLICATION; SOURCE CODES;

WINDOWS OPERATING SYSTEM;

EID: 72849146986     PISSN: 18684238     EISSN: None     Source Type: Book Series    
DOI: 10.1007/1-4020-8143-x_15     Document Type: Conference Paper

References (27)

1. [BAF+03] E. G. Barrantes, D. H. Ackley, S. Forrest, T. S. Palmer, D. Stefanovic, and D. D. Zovi. Randomized instruction set emulation to disrupt binary code injection attacks. In Proc. 10th ACM Conf. Computer and Communications Security (CCS), Washington, DC, 2003.
2. [BST00] Arash Baratloo, Navjot Singh, and Timothy Tsai. Transparent run-time defense against stack smashing attacks. In Proc. USENIX Annual Technical Conference, 2000.
3. [Bug03] Microsoft Windows RegEdit.exe registry key value buffer overflow vulnerability. Bugtraq id 7411, 16 April 2003. http://www.securityfocus.com/bid/7411.
4. [CBJW03] Crispin Cowan, Steve Beattie, John Johansen, and Perry Wagle. Point-Guard: Protecting pointers from buffer overflow vulnerabilities. In Proc. 12th USENIX Security Symposium. USENIX, 2003.
5. [CE01] Cristina Cifuentes and Mike Van Emmerik. Recovery of jump table case statements from binary code. Science of Computer Proqramminq, 40(2-3):171-188, 2001.
6. [CER02] CERT/cc statistics 1988-2001, 2002. http://www.cert.org/stats/.
7. [CER03a] CERT advisory CA-2003-16: Buffer overflow in Microsoft RPC, 17 July 2003. http://www.cert.org/advisories/CA-2003-16.html.
8. [CER03b] CERT advisory CA-2003-20: W32/Blaster worm, 11 August 2003. http://www.cert.org/advisories/CA-2003-20.html.
9. [CPM+98] Crispan Cowan, Calton Pu, Dave Maier, Jonathan Walpole, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, Qian Zhang, and Heather Hinton. StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proc. 7th USENIX Security Symposium, pages 63-78, San Antonio, Texas, January 1998.
10. [DRS01] Nurit Dor, Michael Rodeh, and Mooly Sagiv. Cleanness checking of string manipulations in C programs via integer analysis. In Proc. 8th International Static Analysis Symposium (SAS), LNCS 2126, Paris, France, 2001. Springer-Verlag.
11. [EL02] David Evans and David Larochelle. Improving security using extensible lightweight static analysis. IEEE Software, 19(1):42-51, 2002.
12. [G098] A. K. Ghosh and T. O'Connor. Analyzing programs for vulnerability to buffer overrun attacks. In Proc. 21st NIST-NCSC National Information Systems Security Conference, pages 274-382, 1998.
13. [HB99] Galen Hunt and Doug Brubacher. Detours: Binary interception of Win32 functions. In Proc. 3rd USENIX NT Symposium, pages 135-144, 1999.
14. [HL02] Michael Howard and David LeBlanc. Writing Secure Code. Microsoft Press, 2nd edition, 2002.
15. [IDA03] The IDA Pro disassembler and debugger, v4.51, 2003. http://www.datarescue.com/idabase/.
16. [Imm03] Immunix secured solutions, 2003. http://www.immnnix.com.
17. [KKP03] Gaurav S. Kc, Angelos D. Keromytis, and Vassilis Prevelakis. Countering code-injection attacks with instruction-set randomization. In Proc. 10th ACM Conf. Computer and Communications Security (CCS), Washington, DC, 2003.
18. [LD03] Cullen Linn and Saumya Debray. Obfuscation of executable code to improve resistance to static disassembly. In Proc. 10th ACM Conf. Computer and Communications Security (CCS), Washington, DC, 2003.
19. [MicOl] Microsoft Visual CH-I- compiler options: /gs (control stack checking calls). Online documentation, 2001. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vccore/html/_core_.2f.gs.asp.
20. [PC03] Manish Prasad and Tzi-cker Chiueh. A binary rewriting defense against stack based overflow attacks. In Proceedings of the USENIX 2003 Annual Technical Conference, 2003.
21. [Ric02] Gerardo Richarte. Four different tricks to bypass StackShield and Stack- Guard protection. Core Security Technologies, 2002. http://downloads.securityfocus.com/library/StackGuard.pdf.
22. [Sol]Solar Designer. Nonexecutable user stack, http://www.false.com/security/linux-stack/.
23. [Spa88] Eugene H. Spafford. The Internet worm program: An analysis. Technical Report CSD-TR-823, Purdue University, West Lafayette, IN 47907-2004, 1988.
24. [SPE00] SPEC CPU2000 VI.2. Standard Performance Evaluation Corporation, 2000. http://www.specbench.org/osg/cpu2000/.
25. [StaOO] Stackshield, 2000. http://www.angelfire.com/sk/stackshield.
26. [WFBA00] David Wagner, Jeffrey S. Foster, Eric A. Brewer, and Alexander Aiken. A first step towards automated detection of buffer overrun vulnerabilities. In Proc. Network and Distributed System Security Symposium (NDSS), pages 3-17, San Diego, CA, February 2000.
27. [WK03] John Wilander and Mariam Kamkar. A comparison of publicly available tools for dynamic buffer overflow prevention. In Proceedings of the 10th Network and Distributed System Security Symposium (NDSS), pages 149162, San Diego, California, February 2003.