Address obfuscation: An efficient approach to combat a broad range of memory error exploits

Proceedings of the 12th USENIX Security Symposium

Volumn , Issue , 2003, Pages 105-120

  Bhatkar, Sandeep ^a   DuVarney, Daniel C ^a   Sekar, R ^a  

^a Stony Brook University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ERRORS; LOCATION; RANDOM PROCESSES;

BUFFER OVERFLOWS; IMPLEMENTATION STRATEGIES; IN-DEPTH UNDERSTANDING; LARGE-SCALE ATTACKS; PROGRAM OBFUSCATION; PROGRAMMING ERRORS; RELATIVE DISTANCES; RUNTIME OVERHEADS;

CODES (SYMBOLS);

EID: 84862209017     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (40)

1. Pax. Published on World-Wide Web at URL http://pageexec.virtualave.net, 2001.
2. Anonymous. Once upon a free⋯. Phrack, 11(57), August 2001.
3. Anonymous. Bypassing pax aslr protection. Phrack, 11(59), July 2002.
4. D. Aucsmith. Tamper-resistant software: An implementation. In Ross Anderson, editor, Information hiding: first international workshop, Cambridge, U.K., May 30-June 1, 1996: proceedings, Volume 1174 of Lecture Notes in Computer Science, pages 317-333, Berlin, Germany /Heidelberg, Germany /London, UK /etc., 1996. Springer-Verlag.
5. Todd M. Austin, Scott E. Breach, and Gurindar S. Sohi. Efficient detection of all pointer and array access errors. In Proceedings of the ACM SIGPLAN'94 Conference on Programming Language Design and Implementation (PLDI), pages 290-301, Orlando, Florida, 20-24 June 1994. SIGPLAN Notices 29(6), June 1994.
6. Arash Baratloo, Navjot Singh, and Timothy Tsai. Transparent run-time defense against stack smashing attacks. In Proceedings of the 2000 USENIX Annual Technical Conference (USENIX-00), pages 251-262, Berkeley, CA, june 2000.
7. Bulba and Ki13r. Bypassing stackguard and stackshield. Phrack, 11(56), May 2000.
8. Monica Chew and Dawn Song. Mitigating buffer overflows by operating system randomization. Technical Report CMU-CS-02-197, Carnegie Mellon University, December 2002.
9. Tzicker Chiueh and Fu-Hau Hsu. Rad: A compile-time solution to buffer overflow attacks. In 21st International Conference on Distributed Computing, page 409, Phoenix, Arizona, April 2001.
10. Christian Collberg, Clark Thomborson, and Douglas Low. Breaking abstractions and unstructuring data structures. In Proceedings of the 1998 International Conference on Computer Languages, pages 28-38. IEEE Computer Society Press, 1998.
11. Crispan Cowan, Calton Pu, Dave Maier, Jonathan Walpole, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, Qian Zhang, and Heather Hinton. StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proc. 7th USENIX Security Conference, pages 63-78, San Antonio, Texas, jan 1998.
12. Crispin Cowan, Matt Barringer, Steve Beattie, and Greg Kroah-Hartman. Formatguard: Automatic protection from printf format string vulnerabilities. In USENIX Security Symposium, 2001.
13. Crispin Cowan, Steve Beattie, John Johansen, and Perry Wagle. Pointguard: Protecting pointers from buffer overflow vulnerabilities. In Proceedings of the 12th USENIX Security Symposium, Washington, D.C., August 2003.
14. Nurit Dor, Michael Rodeh, and Mooly Sagiv. Cleanness checking of string manipulations in C programs via integer analysis. In Static Analysis Symposium, Volume 2126 of Lecture Notes in Computer Science, pages 194-? Springer Verlag, June 2001.
15. Daniel C. DuVarney, R. Sekar, and Yow-Jian Lin. Benign software mutations: A novel approach to protect against large-scale network attacks. Center for Cybersecurity White Paper (prepared for Airforce Office of Scientific Research), October 2002.
16. Hiroaki Etoh and Kunikazu Yoda. Protecting from stack-smashing attacks. Published on World-Wide Web at URL http://www.trl.ibm.com/projects/security/ssp/main.html, June 2000.
17. Stephanie Forrest, Anil Somayaji, and David H. Ackley. Building diverse computer systems. In 6th Workshop on Hot Topics in Operating Systems, pages 67-72, Los Alamitos, CA, 1997. IEEE Computer Society Press.
18. Jeffrey S. Foster, Manuel Fähndrich, and Alexander Aiken. A theory of type qualifiers. In ACM SIGPLAN Conference on Programming Language and Design, Atlanta, GA, May 1999.
19. Reed Hastings and Bob Joyce. Purify: A tool for detecting memory leaks and access errors in C and C++ programs. In USENIX Association, editor, Proceedings of the Winter 1992 USENIX Conference, pages 125-138, Berkeley, CA, USA, January 1992. USENIX.
20. Oded Horovitz. Big loop integer protection. Phrack, 11(60), December 2002.
21. Trevor Jim, Greg Morrisett, Dan Grossman, Micheal Hicks, James Cheney, and Yanling Wang. Cyclone: a safe dialect of C. In USENIX Annual Technical Conference, Monterey, CA, June 2002.
22. Robert W. M. Jones and Paul H. J. Kelly. Backwards-compatible bounds checking for arrays and pointers in C programs. In M. Kamkar and D. Byers, editors, Third International Workshop on Automated Debugging. Linkoping University Electronic Press, 1997.
23. Michel Kaempf. Vudo malloc tricks. Phrack, 11(57), August 2001.
24. Stephen Kaufer, Russell Lopez, and Sesha Pratap. Saber-C - an interpreter-based programming environment for the C language. In USENIX Association, editor, Summer USENIX Conference Proceedings, pages 161-171, Berkeley, CA, USA, Summer 1988. USENIX.
25. Samuel C. Kendall. Bcc: run-time checking for c programs. In Proceedings of the USENIX Summer Conference, El. Cerrito, California, USA, 1983. USENIX Association.
26. David Larochelle and David Evans. Statically detecting likely buffer overflow vulnerabilities. In Proceedings of the 10th USENIX Security Symposium, Washington, D.C., August 2001.
27. Mudge. How to write buffer overflows. Published on World-Wide Web at URL http://www.insecure.org/stf/mudge-buffer-overflow-tutorial.html, 1997.
28. George C. Necula, Scott McPeak, and Westley Weimer. CCured: type-safe retrofitting of legacy code. In Symposium on Principles of Programming Languages (POPL '02), pages 128-139, Portland, OR, January 2002.
29. Nergal. The advanced return-into-lib(c) exploits. Phrack, 11(58), Dec 2001.
30. Mary Lou Nohr. Understanding ELF Object Files and Debugging Tools. Number ISBN: 0-13-091109-7. Prentice Hall Computer Books, 1993.
31. Aleph One. Smashing the stack for fun and profit. Phrack, 7(49), November 1996.
32. Radu Rugina and Martin Rinard. Symbolic bounds analysis of pointers, array indices, and accessed memory regions. In Proceedings of the ACM SIGPLAN '00 conference on Programming language design and implementation, pages 182-195. ACM Press, 2000.
33. Scut. Exploting format string vulnerabilities. Published on World-Wide Web at URL http://www.team-teso.net/articles/formatstring, March 2001.
34. Snort(tm) advisory: Integer overflow in stream4. April 2003. Published on World-Wide Web at URL http://www.kb.cert.org/vuls/id/JPLA-5LPR9S.
35. Ssh crc32 attack detection code contains remote integer overflow. 2001. Published on World-Wide Web at URL http://www.kb.cert.org/vuls/id/945216.
36. Joseph L. Steffen. Adding run-time checking to the portable c compiler. Software-Practice and Experience, 22:305-316, April 1992.
37. David Wagner, Jeffrey S. Foster, Eric A. Brewer, and Alexander Aiken. A first step towards automated detection of buffer overrun vulnerabilities. In Network and Distributed System Security Symposium, San Diego, CA, 2000.
38. Chenxi Wang, Jack Davidson, Jonathan Hill, and John Knight. Protection of software-based survivability mechanisms. In International Conference on Dependable Systems and Networks, Goteborg, Sweeden, July 2001.
39. Jun Xu, Zbigniew Kalbarczyk, and Ravishankar K. Iyer. Transparent runtime randomization for security. Technical Report UILU-ENG-03-2207, Center for Reliable and High-Performance Computing, University of Illinois at Urbana-Champaign, May 2003.
40. Lu Xun. A linux executable editing library. Masters Thesis, 1999. available at http://www.geocities.com/fasterlu/leel.htm.