Implicit buffer overflow protection using memory segregation

Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011

Volumn , Issue , 2011, Pages 175-182

  Roth, Brent G ^a   Spafford, Eugene H ^a  

^a Purdue University   (United States)

Author keywords

Buffer overflow; Memory protection; Memory segmentation; Memory segregation; Multiple heaps; Multiple stacks

Indexed keywords

BUFFER OVERFLOWS; MEMORY PROTECTION; MEMORY SEGMENTATION; MEMORY SEGREGATION; MULTIPLE HEAPS; MULTIPLE STACKS;

BUFFER STORAGE; CRIME;

PROCESS CONTROL;

EID: 80455144708     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2011.32     Document Type: Conference Paper

References (30)

1. E. Spafford, The Internet Worm Program: Analysis, in ACM SIGCOMM Computer Communication Review, Jan. 1989.
2. Write-what-where condition, ASDR TOC Vulnerabilities, OWASP ASDR Project, http://www.owasp.org/index.php/Write-what-where-condition. Last accessed Feb. 2011.
3. Aleph One, Smashing The Stack For Fun And Profit, Phrack Magazine, Nov. 1996.
4. c0ntex, Bypassing non-executable-stack during exploitation using returnto-libc, http://www.infosecwriters.com/textresources/pdf/return-to-libc. pdf. Last accessed Feb. 2011.
5. c0ntex, How to hijack the Global Offset Table with pointers for root shells, www.infosecwriters.com/text resources/pdf/GOT-Hijack.pdf. Last accessed Feb. 2011.
6. 2010 CWE/SANS Top 25 Most Dangerous Software Errors, MITRE and the SANS Institute, http://cwe.mitre.org/top25/index.html. Last accessed Feb. 2011.
7. A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003, http://support.microsoft.com/kb/875352. Last accessed Feb. 2011.
8. Pax pagexec documentation, http://pax.grsecurity.net/docs/pageexec.txt. Last accessed Feb. 2011.
9. Intel Corporation, Intel Architecture Software Developers Manual, Volume 3: System Programming Guide, Intel Corp., 2006, Order Number 243192.
10. Buffer overflow attacks bypassing dep (nx/xd bits) - part 2 : Code injection, http://www.mastropaolo.com/?p=13. Last accessed Feb. 2011.
11. Silberschatz, Galvin, and Gagne, Operating System Concepts, 8th Edition.
12. J. Pincus and B. Baker, Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns, http://www.soe.ucsc.edu/classes/cmps223/Spring09/ Pincus%2004.pdf. Last accessed Feb. 2011.
13. S. Chen, J. Xu, E. C. Sezer, P. Gauriar, and R. K. Iyer, Non-Control-Data Attacks Are Realistic Threats, in Proc. of the 14th USENIX Security Symposium, Aug. 2005, pages 177-192.
14. klog, The Frame Pointer Overwrite, in Phrack Magazine, Sept. 1999.
15. Pax aslr documentation, http://pax.grsecurity.net/docs/aslr.txt. Last accessed Feb. 2011.
16. C. Cowan, C.Pu, D. Maier, J. Walpole, P. Bakke, S. Beatie, A. Grier, P. Wagle, Q. Zhang, and H. Hinton, StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks, in Proc. of the 7th USENIX Security Symposium, Jan. 1998, pages 63-78.
17. C. Cowan, S. Beattie, J. Johansen, and P. Wagle, Pointerguard: protecting pointers from buffer overflow vulnerabilities, in Proc. of the 12th USENIX Security Symposium, Aug. 2003, pages 91-104.
18. Vendicator, Stack Shield: A "stack smashing" technique protection tool for Linux, http://www.angelfire.com/sk/stackshield/info.html. Last accessed Feb. 2011.
19. H. Etoh, GCC extension for protecting applications from stack-smashing attacks. Last accessed Feb. 2011.
20. J. Wilander and M. Kamkar, A comparison of publicly available tools for dynamic buffer overflow preventing, in Proceedings of the 10th Network and Distributed System Security Symposium, Feb. 2003, pages 149-162.
21. C. Cowan, Re; PointerGuard: It's not the Size of the Buffer, it's the Address, http://www.securityfocus.com/archive/1/333988. Last accessed Feb. 2011.
22. S. Alexander, defeating compiler-level buffer overflow protection, in ;login: The USENIX Magazine, June 2005.
23. R. Riley, X. Jiang, and D. Xu, An Architectural Approach to Preventing Code Injection Attacks, in IEEE Transactions on Dependable and Secure Computing, Oct. 2010, pages 351-365.
24. Tilo Mller, ASLR Smack & Laugh Reference, http://www.ece.cmu.edu/- dbrumley/courses/18739c-s11/docs/aslr.pdf. Last accessed Feb. 2011.
25. Tyler Durden, Bypassing PaX ASLR protection, in Phrack Magazine, July 2002.
26. J. Xu, Z. Kalbarxzyk, S. Patel, and R. K. Iyer, Architecture Support for Defending Against Buffer Overflow Attacks, http://citeseerx.ist.psu.edu/viewdoc/ download?doi=10.1.1.13.7372&rep=rep1&type=pdf, 2002. Last accessed Feb. 2011.
27. J. P. McGregor, D. K. Karig, Z. Shi, and R. B. Lee, A Processor Architecture Defense Against Buffer Overflow Attacks, in IEEE International Conference on Information Technology: Research and Education, 2003, pages 243-250.
28. M. R. Krishnan, Heap: Pleasures and Pains, http://msdn.microsoft.com/en- us/library/ms810466.aspx. Last accessed Feb. 2011.
29. Malloc Multiheap, http://publib.boulder.ibm.com/infocenter/aix/v6r1/ topic/com.ibm.aix.genprogc/doc/genprogc/malloc multiheap.htm. Last accessed Feb. 2011.
30. mmalloc.info, http://www.slac.stanford.edu/comp/unix/package/rtems/doc/ html/mmalloc/mmalloc.info.Top.html. Last accessed Feb. 2011.