On protection by layout randomization

Proceedings - IEEE Computer Security Foundations Symposium

Volumn , Issue , 2010, Pages 337-351

  Abadi, Martín ^a,b   Plotkin, Gordon ^a,b  

^a MICROSOFT RESEARCH   (United States)

^b UNIVERSITY OF EDINBURGH   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

FULL ABSTRACTION; HIGH-LEVEL PROGRAMMING LANGUAGE; MEMORY ADDRESS; SOFTWARE PROTECTION;

SECURITY SYSTEMS;

C (PROGRAMMING LANGUAGE);

EID: 77957600240     PISSN: 19401434     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSF.2010.30     Document Type: Conference Paper

References (31)

1. Martín Abadi. Protection in programming-language translations. In Kim G. Larsen, Sven Skyum, and Glynn Winskel, editors, Proceedings of the 25th International Colloquium on Automata, Languages and Programming, volume 1443 of Lecture Notes in Computer Science, pages 868-883. Springer, 1998.
2. Martín Abadi, Mihai Budiu, Ú lfar Erlingsson, and Jay Ligatti. Control-flow integrity: principles, implementations, and applications. ACM Transactions on Information and System Security, 13(1):1-40, 2009.
3. Martín Abadi and Phillip Rogaway. Reconciling two views of cryptography (The computational soundness of formal encryption). Journal of Cryptology, 15(2):103-127, 2002.
4. Anonymous. Bypassing PaX ASLR protection. Phrack, 11(59), 2002.
5. Michael Backes, Dennis Hofheinz, and Dominique Unruh. Cosp: a general framework for computational soundness proofs. In 16th ACM Conference on Computer and Communications Security, pages 66-78, 2009.
6. Elena Gabriela Barrantes, David H. Ackley, Stephanie Forrest, and Darko Stefanovíc. Randomized instruction set emulation. ACM Transactions on Information and System Security, 8(1):3-40, 2005.
7. Emery D. Berger and Benjamin G. Zorn. Diehard: probabilistic memory safety for unsafe languages. In 2006 ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 158-168, 2006.
8. Sandeep Bhatkar, Daniel C. DuVarney, and R. Sekar. Address obfuscation: an efficient approach to combat a broad range of memory error exploits. In 12th USENIX Security Symposium, 2003.
9. Sandeep Bhatkar, R. Sekar, and Daniel C. DuVarney. Efficient techniques for comprehensive protection from memory error exploits. In 14th USENIX Security Symposium, 2005.
10. Hubert Comon-Lundh and Véronique Cortier. Computational soundness of observational equivalence. In 15th ACM Conference on Computer and Communications Security, pages 109-118, 2008.
11. Peter Druschel and Larry L. Peterson. High-performance cross-domain data transfer. Technical Report TR 92-11, Department of Computer Science, The University of Arizona, March 1992.
12. Ú lfar Erlingsson. Low-level software security: Attacks and defenses. In Alessandro Aldini and Roberto Gorrieri, editors, Foundations of Security Analysis and Design IV, FOSAD 2006/2007 Tutorial Lectures, volume 4677 of Lecture Notes in Computer Science, pages 92-134. Springer, 2007.
13. Matthias Felleisen and Daniel P. Friedman. Control operators, the secd-machine, and the lambda-calculus. In 3rd Working Conference on the Formal Description of Programming Concepts, pages 193-219, 1986.
14. Stephanie Forrest, Anil Somayaji, and David H. Ackley. Building diverse computer systems. In 6th Workshop on Hot Topics in Operating Systems, pages 67-72, 1997.
15. Masahito Hasegawa and Yoshihiko Kakutani. Axioms for recursion in call-by-value. Higher-Order and Symbolic Computation, 15(2-3):235-264, 2002.
16. Michael Howard and Matt Thomlinson. Windows Vista ISV security, April 2007. http://msdn2.microsoft.com/en-us/library/bb430720.aspx.
17. Gaurav S. Kc, Angelos D. Keromytis, and Vassilis Prevelakis. Countering code-injection attacks with instruction-set randomization. In 10th ACM Conference on Computer and Communications security, pages 272-280, 2003.
18. Vladimir Kiriansky, Derek Bruening, and Saman Amarasinghe. Secure execution via program shepherding. In 11th USENIX Security Symposium, pages 191-206, 2002.
19. John Mitchell. Foundations for Programming Languages. MIT Press, 1996.
20. Eugenio Moggi. Computational lambda-calculus and monads. In Fourth Annual IEEE Symposium on Logic in Computer Science, pages 14-23, 1989.
21. Eugenio Moggi. Notions of computation and monads. Information and Computation, 93(1):55-92, 1991.
22. James H. Morris, Jr. Protection in programming languages. Communications of the ACM, 16(1):15-21, 1973.
23. Greg Morrisett, David Walker, Karl Crary, and Neal Glew. From System F to typed assembly language. ACM Transactions on Programming Languages and Systems, 21(3):527- 568, 1999.
24. Gene Novark, Emery D. Berger, and Benjamin G. Zorn. Exterminator: Automatically correcting memory errors with high probability. Communications of the ACM, 51(12):87-95, 2008.
25. Karthik Pattabiraman, Vinod Grover, and Benjamin G. Zorn. Samurai: protecting critical data in unsafe languages. In EuroSys, pages 219-232, 2008.
26. PaX Project. The PaX project, 2004. http://pax.grsecurity.net/.
27. Riccardo Pucella and Fred B. Schneider. Independence from obfuscation: A semantic framework for diversity. In 19th IEEE Computer Security Foundations Workshop, pages 230- 241, 2006.
28. Hovav Shacham, Matthew Page, Ben Pfaff, Eu-Jin Goh, Nagendra Modadugu, and Dan Boneh. On the effectiveness of address-space randomization. In 11th ACM Conference on Computer and Communications Security, pages 298-307, 2004.
29. Alexander Sotirov and Mark Dowd. Bypassing browser memory protections: Setting back browser security by 10 years. http://taossa.com/archive/ bh08sotirovdowd.pdf 2008.
30. Anna Nora Sovarel, David Evans, and Nathanael Paul. Where's the FEEB? the effectiveness of instruction set randomization. In 14th USENIX Security Symposium, pages 145- 160, 2005.
31. Curtis Yarvin, Richard Bukowski, and Tom Anderson. Anonymous RPC: Low-latency protection in a 64-bit address space. In USENIX Summer Technical Conference, pages 175- 186, 1993.