An architectural approach to preventing code injection attacks

IEEE Transactions on Dependable and Secure Computing

Volumn 7, Issue 4, 2010, Pages 351-365

  Riley, Ryan ^a   Jiang, Xuxian ^b   Xu, Dongyan ^c  

^a QATAR UNIVERSITY   (Qatar)

^b North Carolina State University   (United States)

^c Purdue University   (United States)

Author keywords

Code injection; secure memory architecture

Indexed keywords

CODES (SYMBOLS); VIRTUAL ADDRESSES;

ARCHITECTURAL APPROACH; ARCHITECTURAL SOLUTIONS; CODE INJECTION; CODE INJECTION ATTACKS; LAYOUT RESTRICTION; MEMORY SYSTEMS; MODERN PROCESSORS; REAL-WORLD ATTACK;

MEMORY ARCHITECTURE;

EID: 78149470447     PISSN: 15455971     EISSN: None     Source Type: Journal    
DOI: 10.1109/TDSC.2010.1     Document Type: Article

References (37)

1. "A Detailed Description of the Data Execution Prevention (dep) Feature in Windows xp Service Pack 2, Windows xp Tablet pc ed. 2005, and Windows Server 2003", http://support.microsoft.com/kb/875352, Dec. 2006.
2. "Pax Pageexec Documentation", http://pax.grsecurity.net/docs/ pageexec.txt, Dec. 2006.
3. Intel Corporation, IA-32 Intel Architecture Software Developer's Manual Volume 3A: System Programming Guide, Part 1. Intel Corp., publication number 253668, 2006.
4. "Buffer Overflow Attacks Bypassing dep (nx/xd bits)-Part 2: Code Injection", http://www.mastropaolo.com/?p=13, Dec. 2006.
5. C. Cowan, C. Pu, D. Maier, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, and H. Hinton, "StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks", Proc. Seventh USENIX Security Conf., pp. 63-78, http://citeseer.ist.psu.edu/cowan98stackguard.html, 1998.
6. H. Etoh, "Gcc Extension for Protecting Applications from Stack-Smashing Attacks", http://www.trl.ibm.com/projects/security/ssp/, Dec. 2006.
7. Vendicator "Stack Shield: A 'Stack Smashing' Technique Protection Tool for Linux", http://www.angelfire.com/sk/stackshield/info.html, Dec. 2006.
8. J. Wilander and M. Kamkar, "A Comparison of Publicly Available Tools for Dynamic Buffer Overflow Prevention", Proc. 10th Network and Distributed System Security Symp., pp. 149-162, citeseer.ist.psu.edu/ wilander03comparison.html, Feb. 2003.
9. J. von Neumann, "First, Draft of a Report on the EDVAC", 1945, reprinted in, The Origins of Digital Computers Selected Papers, second ed., pp. 355-364, Springer, 1975.
10. P. C. van Oorschot, A. Somayaji, and G. Wurster, "Hardware-Assisted Circumvention of Self-Hashing Software Tamper Resistance", IEEE Trans. Dependable and Secure Computing, vol. 2, no. 2, pp. 82-92, Apr. 2005.
11. H. H. Aiken, "Proposed Automatic Calculating Machine", 1937, reprinted in, The Origins of Digital Computers Selected Papers, second ed., pp. 191-198, Springer, 1975.
12. H. H. Aiken and G. M. Hopper, "The Automatic Sequence Controlled Calculator", 1946, reprinted in, The Origins of Digital Computers Selected Papers, second ed., pp. 199-218, Springer, 1975.
13. "kernelthread.com:SecuringMemory", http://www.kernelthread.com/ publications/security/smemory.html, Dec. 2006.
14. Skape and Skywing, "Bypassing Windows Hardware-Enforced dep", Uninformed, vol. 2, http://www.uninformed.org, Sept. 2005.
15. R. Krishnakumar, "Hugetlb-Large Page Support in the Linux Kernel", Linux Gazette, vol. 155, http://linuxgazette.net/155/krishnakumar. html, Oct. 2008.
16. "Pax aslr Documentation", http://pax.grsecurity.net/docs/aslr. txt, Dec. 2006.
17. S. Bhatkar, D. C. DuVarney, and R. Sekar, "Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits", Proc. 12th USENIX Security Symp., 2003.
18. S. Bhatkar, R. Sekar, and D. C. DuVarney, "Efficient Techniques for Comprehensive Protection from Memory Error Exploits", Proc. 14th USENIX Security Symp., 2005.
19. J. Xu, Z. Kalbarczyk, and R. K. Iyer, "Transparent Runtime Randomization for Security", Proc. 22nd Symp. Reliable and Distributed Systems (SRDS), Oct. 2003.
20. E. G. Barrantes, D. H. Ackley, S. Forrest, T. S. Palmer, D. Stefanovic, and D. D. Zovi, "Randomized Instruction Set Emulation to Disrupt Binary Code Injection Attacks", Proc. 10th ACM Conf. Computer and Comm. Security (CCS), 2003.
21. G. S. Kc, A. D. Keromytis, and V. Prevelakis, "Countering Code Injection Attacks with Instruction-Set Randomization", Proc. 10th ACM Conf. Computer and Comm. Security (CCS), 2003.
22. S. Sidiroglou, M. E. Locasto, S. W. Boyd, and A. D. Keromytis, "Building a Reactive Immune System for Software Services", Proc. USENIX Ann. Technical Conf., 2005.
23. L. Lam and T. Chiueh, "Checking Array Bound Violation Using Segmentation Hardware", Proc. Int'l Conf. Dependable Systems and Networks (DSN'05), pp. 388-397, 2005.
24. "Wind River: Vxworks", http://www.windriver.com/vxworks/, Mar. 2007.
25. S. Chen, J. Xu, E. C. Sezer, P. Gauriar, and R. Iyer, "Non-Control-Data Attacks Are Realistic Threats", Proc. USENIX Security Symp., Aug. 2005.
26. "bochs: The Open Source ia-32 Emulation Project", http://bochs.sourceforge.net/, Dec. 2006.
27. P. Venda, "PaX Performance Impact", http://www.pjvenda.org/ linux/doc/pax-performance/, Oct. 2005.
28. A. Apvrille, D. Gordon, S. Hallyn, M. Pourzandi, and V. Roy, "Digsig: Run-Time Authentication of Binaries at Kernel Level", Proc. 18th USENIX Conf. System Administration (LISA'04), pp. 59-66, 2004.
29. B. Lymn, "Verified Exec-Extending the Security Perimeter", Proc. Australian Unix Users Group Conf. 2004.
30. "Sebek", http://www.honeynet.org/tools/sebek/, 2010.
31. X. Jiang and X. Wang, "'Out-of-the-Box' Monitoring of VM-Based High Interaction Honeypots", Proc. 10th Recent Advances in Intrusion Detection (RAID'07), Sept. 2007.
32. G. Portokalidis, A. Slowinska, and H. Bos, "Argos: An Emulator for Fingerprinting Zero-Day Attacks for Advertised Honeypots with Automatic Signature Generation", Proc. ACM SIGOPS/European Conf. Computer Systems (EuroSys'06), pp. 15-27, 2006.
33. A. Avizienis, J. C. Laprie, and B. Randell, "Fundamental Concepts of Dependability", Proc. Int'l Workshop Information Security (ISW'00), 2000.
34. "Linux/Unix nbench", http://www.tux.org/mayer/linux/bmark.html, Dec. 2006.
35. "Unixbench", http://www.tux.org/pub/tux/benchmarks/System/ unixbench/, Dec. 2006.
36. J. Giffin, M. Christodorescu, and L. Kruger, "Strengthening Software Self-Checksumming via Self-Modifying Code", Proc. 21st IEEE Ann. Computer Security Applications Conf. (ACSAC'05), pp. 18-27, Dec. 2005.
37. R. Riley, X. Jiang, and D. Xu, "An Architectural Approach to Preventing Code Injection Attacks", Proc. 37th Ann. IEEE/IFIP Int'l Conf. Dependable Systems and Networks (DSN'07), pp. 30-40, 2007.