Efficient protection against heap-based buffer overflows without resorting to magic

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4307 LNCS, Issue , 2006, Pages 379-398

  Younan, Yves ^a   Joosen, Wouter ^a   Piessens, Frank ^a  

^a UNIVERSITY OF LEUVEN   (Belgium)

Author keywords

[No Author keywords available]

Indexed keywords

BUFFER STORAGE;

ATTACK VECTOR; BUFFER OVERFLOWS; DANGLING POINTERS; DYNAMIC MEMORY MANAGEMENT; EFFICIENT PROTECTIONS; MANAGEMENT INFORMATION; MEMORY ALLOCATORS; MEMORY LOCATIONS;

BENCHMARKING;

EID: 84989825191     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/11935308_27     Document Type: Conference Paper

References (45)

1. Aleph One: Smashing the stack for fun and profit. Phrack49 (1996)
2. Younan, Y., Joosen, W., Piessens, F.: Code injection in C and C++: A survey of vulnerabilities and countermeasures. Technical Report CW386, Departement Computerwetenschappen, Katholieke Universiteit Leuven (2004)
3. Austin, T.M., Breach, S.E., Sohi, G.S.: Efficient detection of all pointer and array access errors. In: Proc. of the ACM’94 Conf. on Programming Language Design and Implementation, Orlando, FL (1994)
4. Jones, R.W.M., Kelly, P.H.J.: Backwards-compatible bounds checking for arrays and pointers in C programs. In: Proc. of the 3rd Int. Workshop on Automatic Debugging, Linköping, Sweden (1997)
5. Ruwase, O., Lam, M.S.: A practical dynamic buffer overflow detector. In: Proc. of the 11th Network and Distributed System Security Symp., San Diego, CA (2004)
6. Xu, W., DuVarney, D.C., Sekar, R.: An Efficient and Backwards-Compatible Transformation to Ensure Memory Safety of C Programs. In: Proc. of the 12th ACM Int. Symp. on Foundations of Software Engineering, Newport Beach, CA (2004)
7. Cowan, C., Pu, C., Maier, D., Hinton, H., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q.: StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In: Proc. of the 7th USENIX Security Symp., San Antonio, TX (1998)
8. Etoh, H., Yoda, K.: Protecting from stack-smashing attacks. Technical report, IBM Research Divison, Tokyo ResearchLaboratory (2000)
9. Baratloo, A., Singh, N., Tsai, T.: Transparent run-time defense against stack smashing attacks. In: USENIX2000Technical Conf. Proc., San Diego, CA (2000)
10. 10.Xu, J., Kalbarczyk, Z., Patel, S., Ravishankar, K.I.: Architecture support for defending against buffer overflow attacks. In: Second Workshop on Evaluating and Architecting System dependabilitY, San Jose, CA (2002)
11. 11.Younan, Y., Pozza, D., Joosen, W., Piessens, F.: Extended protection against stack smashing attacks without performance loss. In: Proc. of the Annual Computer Security Apps. Conf., Miami, FL (2006)
12. Robertson, W., Kruegel, C., Mutz, D., Valeur, F.: Run-time detection of heap-based overflows. In: Proc. of the 17th Large Installation Systems Administrators Conf., San Diego, CA (2003)
13. Krennmair, A.: ContraPolice: a libc extension for protecting applications from heap-smashing attacks. http://www.synflood.at/contrapolice/(2003)
14. Perens, B.: Electric fence 2.0.5. http://perens.com/FreeSoftware/(1999)
15. Free Software Foundation: GNU C library. http://www.gnu.org/software/libc (2004)
16. Younan, Y.: Dnmalloc 1.0. http://www.fort-knox.org (2005)
17. 17.Kamp, P.H.: Malloc(3) revisted. In: Proc. of the USENIX1998Anual technical conference, New Orleans, LA (1998)
18. Summit, S.: Re: One of your c.l.c faq question. Comp.lang.C newsgroup (2001)
19. Bulba, Kil3r: Bypassing Stackguard and stackshield. Phrack56 (2000)
20. anonymous: Once upon a free(). Phrack57 (2001)
21. Kaempf, M.: Vudo - an object superstitiously believed to embody magical powers. Phrack57 (2001)
22. Solar Designer: JPEG COM marker processing vulnerability in netscape browsers. http://www.openwall.com/advisories/OW-002-netscape-jpeg.txt (2000)
23. Lea, D., Gloger, W.: malloc-2.7.2.c. Comments in source code (2001)
24. Gloger, W.: ptmalloc. http://www.malloc.de/en/(1999)
25. Dobrovitski, I.: Exploit for CVS double free() for linux pserver. http://seclists.org/lists/bugtraq/2003/Feb/0042.html (2003)
26. 26.Stevens, W.R.: Advanced Programming in the UNIX env. Addison-Wesley (1993)
27. The PaX Team: Documentation for PaX. http://pax.grsecurity.net (2000)
28. Henning, J.L.: Spec cpu2000: Measuring cpu performance in the new millennium. Computer33(7) (2000)
29. Grunwald, D., Zorn, B., Henderson, R.: Improving the cache locality of memory allocation. In: Proc. of the ACM1993Conf. on Programming Language Design and Implementation, New York, NY (1993)
30. Johnstone, M.S., Wilson, P.R.: The memory fragmentation problem: Solved? In: Proc. of the 1st ACM Int. Symp. on Memory Management, Vancouver, BC (1998)
31. 31.Berger, E.D., Zorn, B.G., McKinley, K.S.: Composing high-performance memory allocators. In: Proc. of the ACM Conf. on Programming Language Design and Implementation, Snowbird, UT (2001)
32. 32.Berger, E.D., Zorn, B.G., McKinley, K.S.: Reconsidering custom memory allocation. In: Proc. of the ACM Conf. on Object-Oriented Programming Systems, Languages and Apps., Seattle, WA (2002)
33. van der Pas, R.: Memory hierarchy in cache-based systems. Technical Report 817-0742-10, Sun Microsystems, Sant a Clara, CA (2002)
34. Zen-parse: Wu-ftpd 2.6.1 exploit. Vuln-dev mailinglist (2001)
35. 35.Kaempf, M.: Sudo exploit. Bugtraq mailinglist (2001)
36. 36.Phantasmagoria, P.: The malloc maleficarum. Bugtraq mailinglist (2005)
37. Cowan, C., Beattie, S., Johansen, J., Wagle, P.: PointGuard: protecting pointers from buffer overflow vulnerabilities. In: Proc. of the 12th USENIX Security Symp., Washington, DC (2003)
38. Alexander, S.: Defeating compiler-level buffer overflow protection.;login: The USENIX Magazine 30(3) (2005)
39. Solar Designer: Non-executable stack patch. http://www.openwall.com (1998)
40. 40.Wojtczuk, R.: Defeating Solar Designer’s Non-executable Stack Patch. Bugtraq mailinglist (1998)
41. Bhatkar, S., DuVarney, D.C., Sekar, R.: Address obfuscation: An efficient approach to combat a broad range of memory error exploits. In: Proc. of the 12th USENIX Security Symp., Washington, DC (2003)
42. Shacham, H., Page, M., Pfaff, B., Goh, E.J., Modadugu, N., Boneh, D.: On the Effectiveness of Address-Space Randomization. In: Proc. of the 11th ACM Conf. on Computer and communications security, Washington, DC (2004)
43. Avijit, K., Gupta, P., Gupta, D.: Tied, libsafeplus: Tools for runtime buffer overflow protection. In: Proc. of the 13th USENIX Security Symp., San Diego, CA (2004)
44. Kiriansky, V., Bruening, D., Amarasinghe, S.: Secure execution via program shepherding. In: Proc. of the 11th USENIX Security Symp., San Francisco, CA (2002)
45. Abadi, M., Budiu, M., Erlingsson, U., Ligatti, J.: Control-flow integrity. In: Proc. of the 12th ACM Conf. on Computer and Communications Security, Alexandria, VA (2005)