Memory errors: The past, the present, and the future

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 7462 LNCS, Issue , 2012, Pages 86-106

  Van Der Veen, Victor ^a   Dutt Sharma, Nitish ^a   Cavallaro, Lorenzo ^a,b   Bos, Herbert ^a  

^a VU UNIVERSITY AMSTERDAM   (Netherlands)

^b UNIVERSITY OF LONDON   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

MEMORY ERROR; MODERN MACHINES; SECURITY MEASURE; SOFTWARE ERRORS;

ARTIFICIAL INTELLIGENCE;

ERRORS;

EID: 84867874938     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-33338-5_5     Document Type: Conference Paper

References (113)

1. Afek, J., Sharabani, A.: Dangling Pointer, Smashing the Pointer for Fun and Profit. In: Blackhat, USA (2007)
2. Akritidis, P.: Cling: A memory allocator to mitigate dangling pointers. In: Proceedings of the 19th USENIX Conference on Security (2010)
3. Akritidis, P., Costa, M., Castro, M., Hand, S.: Baggy bounds checking: an efficient and backwards-compatible defense against out-of-bounds errors. In: Proceedings of the 18th Conference on USENIX Security Symposium (2009)
4. Aleph: Smashing The Stack For Fun And Profit. Phrack Magazine (November 1996)
5. Anderson, J.P.: Computer Security Technology Planning Study, vol. 2 (October 1972)
6. Anisimov, A.: Defeating Microsoft Windows XP SP2 Heap protection and DEP bypass (January 2005)
7. Anonymous: Once Upon a Free. Phrack Magazine (August 2001)
8. Barrantes, E.G., Ackley, D.H., Forrest, S., Stefanovi, D.: Randomized instruction set emulation. ACM TISSEC (2005)
9. Basili, V.R., Perricone, B.T.: Software errors and complexity: an empirical investigation. CACM (1984)
10. Becher, M., Freiling, F.C., Hoffmann, J., Holz, T., Uellenbeck, S.,Wolf, C.: Mobile security catching up? In: IEEE S&P (2011)
11. Bhatkar, S., Sekar, R., DuVarney, D.C.: Efficient techniques for comprehensive protection from memory error exploits. In: USENIX Security Symposium (August 2005)
12. blackngel: Malloc Des-Maleficarum. Phrack Magazine (June 2009)
13. blackngel: The House Of Lore: Reloaded. Phrack Magazine (November 2010)
14. Blazakis, D.: Interpreter Exploitation. In: Proceedings of the 4th USENIX Conference on Offensive Technologies (2010)
15. BlueHat, M.: Microsoft BlueHat Prize Contest (2011)
16. Bosman, E., Slowinska, A., Bos, H.: Minemu: The World's Fastest Taint Tracker. In: Sommer, R., Balzarotti, D., Maier, G. (eds.) RAID 2011. LNCS, vol. 6961, pp. 1-20. Springer, Heidelberg (2011)
17. Bray, B.: Compiler Security Checks In Depth (February 2002)
18. Brumley, D., Poosankam, P., Song, D., Zheng, J.: Automatic patch-based exploit generation is possible: Techniques and implications. In: Proceedings of the 2008 IEEE Symposium on Security and Privacy (2008)
19. Bruschi, D., Cavallaro, L., Lanzi, A.: Diversified Process Replicae for Defeating Memory Error Exploits. In: Intern. Workshop on Assurance, WIA (2007)
20. BugTraq: Wu-Ftpd Remote Format String Stack Overwrite Vulnerability (June 2000)
21. Bulba, Kil3r: Bypassing StackGuard and StackShield. Phrack Magazine (January 2000)
22. CERT Coordination Center: The CERT FAQ (January 2011)
23. Chen, S., Xu, J., Sezer, E.C., Gauriar, P., Iyer, R.K.: Non-control-data attacks are realistic threats. In: USENIX Sec. Symposium (2005)
24. Christey, S., Martin, R.A.: Vulnerability Type Distributions in CVE (May 2007)
25. Cker Chiueh, T., Hau Hsu, F.: Rad: A compile-time solution to buffer overflow attacks. In: ICDCS (2001)
26. Conover, M., Horovitz, O.: Windows Heap Exploitation (Win2KSP0 through WinXPSP2). In: SyScan (December 2004)
27. Conover, M.: w00w00 Security Team: w00w00 on Heap Overflows (January 1999)
28. Cowan, C., Barringer, M., Beattie, S., Kroah-Hartman, G.: FormatGuard: Automatic Protection From printf Format String Vulnerabilities. In: USENIX Security Symposium (August 2001)
29. Cowan, C., Pu, C., Maier, D., Hintongif, H., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q.: StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks. In: Proceedings of the 7th USENIX Security Symposium (January 1998)
30. Cox, B., Evans, D., Filipi, A., Rowanhill, J., Hu, W., Davidson, J., Knight, J., Nguyen-Tuong, A., Hiser, J.: N-variant systems: a secretless framework for security through diversity. In: USENIX Security Symposium (2006)
31. Davi, L., Dmitrienko, A., Sadeghi, A.-R., Winandy, M.: Privilege Escalation Attacks on Android. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, I. (eds.) ISC 2010. LNCS, vol. 6531, pp. 346-360. Springer, Heidelberg (2011)
32. de Raadt, T.: Exploit Mitigation Techniques (in OpenBSD, of course) (November 2005)
33. Designer, S.: Getting around non-executable stack (and fix) (August 1997)
34. Designer, S.: Linux kernel patch to remove stack exec permission (April 1997)
35. Designer, S.: JPEG COM Marker Processing Vulnerability (July 2000)
36. DilDog: L0pht Advisory MSIE4.0(1) (January 1998)
37. Dowd, M.: Application-Specific Attacks: Leveraging the ActionScript Virtual Machine (April 2008)
38. Durden, T.: Bypassing PaX ASLR Protection. Phrack Magazine (July 2002)
39. Egele, M., Wurzinger, P., Kruegel, C., Kirda, E.: Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks. In: Flegel, U., Bruschi, D. (eds.) DIMVA 2009. LNCS, vol. 5587, pp. 88-106. Springer, Heidelberg (2009)
40. Etoh, H., Yoda, K.: Protecting from stack-smashing attacks (June 2000)
41. Fewer, S.: Pwn2Own 2011: IE8 onWindows 7 hijacked with 3 vulnerabilities (May 2011)
42. Fisher, D.: Survey Shows Most Flaws Sold For $5,000 Or Less (May 2010)
43. Fisher, D.: Chaouki Bekrar: The Man Behind the Bugs (March 2012)
44. Fisher, D.: Offense is Being Pushed Underground (March 2012)
45. Flake, H.: Third Generation Exploits. In: Blackhat USA Windows Security (February 2002)
46. Flake, H.: Exploitation and State Machines: Programming the "weird machine" revisited (April 2011)
47. Fresi-Roglia, G., Martignoni, L., Paleari, R., Bruschi, D.: Surgically returning to randomized lib(c). In: ACSAC (December 2009)
48. Giuffrida, C., Kuijsten, A., Tanenbaum, A.S.: Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization. In: Proceedings of the 21th USENIX Conference on Security (2012)
49. Goodin, D.: Legal goons threaten researcher for reporting security bug (2011)
50. Guido, D.: Vulnerability Disclosure (2011)
51. Hawkes, B.: Attacking the Vista Heap. Blackhat, USA (August 2008)
52. Hiser, J., Nguyen-Tuong, A., Co, M., Hall, M., Davidson, J.W.: ILR: Where'd My Gadgets Go? In: Proceedings of the 2012 IEEE Symposium on Security and Privacy (2012)
53. Jim, T., Morrisett, G., Grossman, D., Hicks, M., Cheney, J., Wang, Y.: Cyclone: A safe dialect of c. In: USENIX ATC (2002)
54. Jones, R.W.M., Kelly, P.H.J., Most, C., Errors, U.: Backwards-compatible bounds checking for arrays and pointers in c programs. In: Third International Workshop on Automated Debugging (1997)
55. jp: Advanced Doug lea's malloc exploits. Phrack Magazine (August 2003)
56. Kc, G.S., Keromytis, A.D., Prevelakis, V.: Countering Code-Injection Attacks With Instruction-Set Randomization (October 2003)
57. Kononenko, S.: Remote root vulnerability in Exim (December 2010)
58. Krahmer, S.: x86-64 buffer overflow exploits and the borrowed code chunks exploitation technique (September 2005)
59. Labs, M.S.: Security Labs Report, July - December 2011 Recap (Februay 2012)
60. Lemos, R.: Does Microsoft Need Bug Bounties? (May 2011)
61. Litchfield, D.: Defeating the Stack Based Buffer Overflow Prevention Mechanism of Microsoft Windows 2003 Server. In: Blackhat, Asia (December 2003)
62. Litchfield, D.: Windows Heap Overflows. In: Blackhat USA Windows Security (January 2004)
63. Lopatic, T.: Vulnerability in NCSA HTTPD 1.3 (Februay 1995)
64. Marinescu, A.: Windows Vista Heap Management Enhancements. In: Blackhat, USA (August 2006)
65. MaXX: VUDO Malloc Tricks. Phrack Magazine (August 2001)
66. McDonald, J.: Defeating Solaris/SPARC Non-Executable Stack Protection) (March 1999)
67. McDonald, J., Valasek, C.: Practical Windows XP/2003 Heap Exploitation. Blackhat, USA (July 2009)
68. Meer, H.: Memory Corruption Attacks The (almost) Complete History. In: Blackhat, USA (July 2010)
69. Mein, A.: Celebrating one year of web vulnerability research (2012)
70. Microsoft: A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003 (September 2006)
71. Miller, M.: Preventing the Exploitation of SEH Overwrites (September 2006)
72. Necula, G.C., Condit, J., Harren,M., Mcpeak, S., Weimer,W.: Ccured: Type-safe retrofitting of legacy software. ACM Trans. on Progr. Lang. and Syst (2005)
73. Nergal: The Advanced Return-Into-Lib(c) exploits (PaX Case study). Phrack Magazine (December 2001)
74. NIST: The Second Static Analysis Tool Exposition (SATE) 2009 (June 2010)
75. Okun, V., Guthrie, W.F., Gaucher, R., Black, P.E.: Effect of static analysis tools on software security: preliminary investigation. In: Proceedings of the 2007 ACM Workshop on Quality of Protection (2007)
76. Ostrand, T.J., Weyuker, E.J.: The distribution of faults in a large industrial software system. In: ISSTA (2002)
77. Pappas, V., Polychronakis, M., Keromytis, A.D.: Smashing the Gadgets: Hindering Return-Oriented Programming Using In-Place Code Randomization. In: Proceedings of the 2012 IEEE Symposium on Security and Privacy (2012)
78. Phantasmagoria, P.: The Malloc Maleficarum (October 2005)
79. Planet, C.: A Eulogy for Format Strings. Phrack (November 2010)
80. Polychronakis, M., Anagnostakis, K.G., Markatos, E.P.: Comprehensive shellcode detection using runtime heuristics. In: ACSAC (2010)
81. Richarte, G.: Four different tricks to bypass StackShield and StackGuard protection (June 2002)
82. Ruwase, O., Lam, M.: A practical dynamic buffer overflow detector. In: Proceedings of NDSS Symposium (February 2004)
83. Roemer, R., Erik Buchanan, H.S., Savage, S.: Return-Oriented Programming: Systems, Languages, and Applications. ACM TISSEC (April 2010)
84. Salamat, B., Jackson, T., Gal, A., Franz, M.: Orchestra: Intrusion Detection Using Parallel Execution and Monitoring of Program Variants in User-Space. In: EuroSys (2009)
85. SANS: CWE/SANS TOP 25 Most Dangerous Software Errors (June 2011)
86. Schmidt, C., Darby, T.: The What, Why, and How of the 1988 Internet Worm (July 2001)
87. Scut: Exploiting Format String Vulnerabilities (September 2001)
88. Seifried, K., Levy, E.: Interview with Elias Levy (Bugtraq) (2001)
89. Serna, F.J.: CVE-2012-0769, the case of the perfect info leak (February 2012)
90. Shacham, H., Page, M., Pfaff, B., Goh, E.J., Modadugu, N., Boneh, D.: On the Effectiveness of Address-Space Randomization. In: ACM CCS (October 2004)
91. SkyLined: Internet Exploiter 3: Technical details (November 2004)
92. SkyLined: Internet Explorer IFRAME src&name parameter BoF remote compromise (October 2004)
93. SkyLined: Microsoft Internet Explorer DHTML Object handling vulnerabilities (MS05-20) (April 2005)
94. Slowinska, A., Stancescu, T., Bos, H.: Howard: a dynamic excavator for reverse engineering data structures. In: Proceedings of NDSS 2011, San Diego, CA (2011)
95. Slowinska, A., Stancescu, T., Bos, H.: Body armor for binaries: preventing buffer overflows without recompilation. In: Proceedings of the USENIX Security Symposium (2012)
96. StackShield: Stack Shield: A "stack smashing" technique protection tool for Linux (December 1999)
97. Symantec: Symantec report on the underground economy (2008)
98. Team, P.: Address Space Layout Randomization (March 2003)
99. The Pax Team: Design & Implementation of PAGEEXEC (2000)
100. Theriault, C.: Why is a 14-month-old patched Microsoft vulnerability still being exploited? (February 2012)
101. Twillman, T.: Exploit for proftpd 1.2.0pre6 (September 1999)
102. van der Veen, V., dutt Sharma, N., Cavallaro, L., Bos, H.: Memory Errors: The Past, the Present, and the Future. Technical Report IR-CS-73 (November 2011)
103. Veracode: State of Software Security Report, vol. 4 (December 2011)
104. VUPEN: Safari/MacBook first to fall at Pwn2Own (March 2011)
105. VUPEN:Pwn2Own2012:GoogleChromebrowser sandbox first to fall (March 2012)
106. VUPEN: Pwn2Own 2012: IE 9 hacked with two 0day vulnerabilities (March 2012)
107. Waisman,N.:Understanding andBypassingWindowsHeap Protection (June 2007)
108. Wei, T., Wang, T., Duan, L., Luo, J.: Secure dynamic code generation against spraying. In: ACM CCS (2010)
109. X-Force, I.: IBM X-Force 2011 Mid-year Trend and Risk Report (September 2011)
110. Younan, Y., Joosen, W., Piessens, F.: Code injection in C and C++: A Survey of Vulnerabilities and Countermeasures. Technical Report CW386 (July 2004)
111. Younan, Y., Philippaerts, P., Cavallaro, L., Sekar, R., Piessens, F., Joosen, W.: PAriCheck: an efficient pointer arithmetic checker for c programs. In: AsiaCCS (2010)
112. Zatko, P.: How to write Buffer Overflows (1995)
113. Zetter, K.: Three minutes with rain forrest puppy (2001)