Protecting function pointers in binary

ASIA CCS 2013 - Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security

Volumn , Issue , 2013, Pages 487-492

  Zhang, Chao ^a   Wei, Tao ^a,b   Chen, Zhaofeng ^a   Duan, Lei ^a   McCamant, Stephen ^c   Szekeres, Laszlo ^d  

^a PEKING UNIVERSITY   (China)

^b UNIVERSITY OF CALIFORNIA   (United States)

^c UNIVERSITY OF MINNESOTA   (United States)

^d STONY BROOK UNIVERSITY   (United States)

Author keywords

binary rewriting; function pointer protection

Indexed keywords

ATTACK VECTOR; BINARY EXECUTABLES; BINARY REWRITING; CONTROL-FLOW; DEVELOPMENT PROCESS; FUNCTION POINTERS; PROTECTION MECHANISMS; PROTECTION METHODS;

SECURITY OF DATA;

EID: 84877975195     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2484313.2484376     Document Type: Conference Paper

References (21)

1. M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti. Control-flow integrity: Principles, implementations, and applications. In Proceedings of the 12th ACM Conference on Computer and Communications Security, pages 340-353, 2005.
2. S. Alexander. Defeating compiler-level buffer overflow protection. The USENIX Magazine;LOGIN, 30(3):59-71, 2005.
3. S. Andersen and V. Abella. Data execution prevention: Changes to functionality in microsoft windows xp service pack 2, part 3: Memory protection technologies. http://technet.microsoft.com/en-us/library/bb457155.aspx, 2004.
4. E. Buchanan, R. Roemer, H. Shacham, and S. Savage. When good instructions go bad: generalizing return-oriented programming to risc. In Proceedings of the 15th ACM conference on Computer and communications security, pages 27-38, 2008.
5. C. Cifuentes and M. Van Emmerik. Recovery of jump table case statements from binary code. In Proceedings of the 7th International Workshop on Program Comprehension, pages 192-199. IEEE, 1999.
6. CORE Security Technologies Advisories. Core-2007-0219: Openbs's ipv6 mbufs remote kernel buffer overflow. http://www.securityfocus.com/archive/1/ 462728/30/150/threaded, 2007.
7. C. Cowan, S. Beattie, J. Johansen, and P. Wagle. Pointguard™: protecting pointers from buffer overflow vulnerabilities. In Proceedings of the 12th conference on USENIX Security Symposium, volume 12, pages 91-104, 2003.
8. M. Daniel, J. Honoroff, and C. Miller. Engineering heap overflow exploits with javascript. In Proceedings of the 2nd conference on USENIX Workshop On Offensive Technologies, 2008.
9. J. L. Henning. Spec cpu2006 benchmark descriptions. SIGARCH Comput. Archit. News, 34:1-17, Sept. 2006.
10. Hex-Rays SA. IDA Pro: a cross-platform multi-processor disassembler and debugger. http://www.hex-rays.com/products/ida/index.shtml.
11. Metasploit Open Source Commitment. Metasploit penetration testing software & framework.
12. Microsoft Visual Studio 2005. Image has safe exception handlers. http://msdn.microsoft.com/en-us/library/9a89h429%28v=vs.80%29.aspx.
13. MSDN online library. EncodePointer function: provide another layer of protection for pointer values. http://msdn.microsoft.com/en-us/library/ bb432254(v=vs.85).aspx.
14. MSDN online library. Microsoft Portable Executable (PE) and Common Object File Format (COFF) Specification. http://msdn.microsoft.com/en-us/windows/ hardware/gg463119.aspx.
15. Offensive Security. Expoit database.
16. A. One. Smashing the stack for fun and profit. Phrack magazine, 7:14-16, 1996.
17. PaX Team. Pax address space layout randomization. http://pax.grsecurity. net/docs/aslr.txt, 2003.
18. V. Thampi. Udis86 disassembler library for x86. http://udis86. sourceforge.net/.
19. P. Vreugdenhil. Pwn2Own 2010 Windows 7 Internet Explorer 8 exploit. http://vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-InternetExplorer8.pdf, 2010.
20. R. Wartell, V. Mohan, K. Hamlen, and Z. Lin. Securing untrusted code via compiler-agnostic binary rewriting. In Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC'12), Orlando, FL, December 2012.
21. C. Zhang, T. Wei, Z. Chen, L. Duan, L. Szekeres, S. McCamant, D. Song, and W. Zou. Practical control flow integrity & randomization for binary executables. In Proceedings of the 34th IEEE Symposium on Security and Privacy, San Francisco, CA, May 2013.