Non-control-data attacks are realistic threats

14th USENIX Security Symposium

Volumn , Issue , 2005, Pages 177-191

  Chen, Shuo ^a   Xu, Jun ^b   Sezer, Emre C ^b   Gauriar, Prachi ^b   Iyer, Ravishankar K ^a  

^a University of Illinois at Urbana Champaign   (United States)

^b North Carolina State University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

DECISION MAKING; HTTP;

APPLICATION DATA; MEMORY CORRUPTION ATTACKS; NON-CONTROL DATA ATTACKS; POTENTIAL ATTACK; PROGRAM CONTROL; PROTECTION TECHNIQUES; RESEARCH EFFORTS; USER IDENTITY;

INTERNET PROTOCOLS;

EID: 85062418620     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (53)

1. S. Andersen and V. Abella. Data Execution Prevention. Changes to Functionality in Microsoft Windows XP Service Pack 2, Part 3: Memory Protection Technologies. http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2mempr.mspx
2. Aleph One. Smashing the stack for fun and profit. Phrack Magazine, 49(7), Nov. 1996.
3. The Apache Software Foundation. http://www.apache.org/
4. PaX Address Space Layout Randomization (ASLR). http://pax.grsecurity.net/docs/aslr.txt
5. D. Boneh, R. A DeMillo, and R. Lipton. On the importance of eliminating errors in cryptographic computations. In Proceedings of Advances in Cryptology: Eurocrypt’97, pp.37-51, 1997
6. S. Bhatkar, D. DuVarney, and R. Sekar. Address obfuscation: An efficient approach to combat a broad range of memory error exploits. In Proceedings of 12th USENIX Security Symposium. Washington, DC, August 2003.
7. A. Baratloo, T. Tsai, and N. Singh, Transparent run-rime defense against stack smashing attacks, In Proceedings of USENIX Annual Technical Conference, June 2000.
8. C. Cowan, M. Barringer, S. Beattie, and G. Kroah-Hartman. FormatGuard: Automatic protection from printf format string vulnerabilities. In Proceedings of the 10th USENIX Security Symposium, Washington, DC, August 2001.
9. C. Cowan, S. Beattie, J. Johansen, and P. Wagle. PointGuard: Protecting pointers from buffer overflow vulnerabilities. In Proceedings of the 12th USENIX Security Symposium. Washington, DC, August 2003.
10. J. R. Crandall and F. T. Chong. Minos: Control data attack prevention orthogonal to memory model. To appear in Proceedings of the 37th International Symposium on Microarchitecture. Portland, OR. December 2004.
11. CERT Security Advisories. http://www.cert.org/advisories/
12. CERT CC. CERT Advisory CA-2001-33 Multiple Vulnerabilities in WU-FTPD, 2001.
13. CERT Advisory CA-2001-21 Buffer Overflow in telnetd. http://www.cert.org/advisories/CA-2001-21.html
14. C. Cowan, C. Pu, D. Maier, H. Hinton, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang. Automatic detection and prevention of buffer-overflow attacks. In Proceedings of the 7th USENIX Security Symposium, San Antonio, TX, January 1998.
15. S. Chen, J. Xu, R. K. Iyer, and K. Whisnant. Modeling and analyzing the security threat of firewall data corruption caused by instruction transient errors, In Proceedings of the IEEE International Conf. on Dependable Systems and Networks, Washington DC, June 2002.
16. D. Evans and D. Larochelle. Improving security using extensible lightweight static analysis. IEEE Software, Jan/Feb 2002
17. H. Feng, J. Giffin, Y. Huang, S. Jha, W. Lee, and B. Miller. Formalizing sensitivity in static analysis for intrusion detection. In Proceedings of the 2004 IEEE Symposium on Security and Privacy, May 2004.
18. S. Forrest, S. Hofmeyr, A. Somayaji, and T. Longsta. A sense of self for Unix processes. In Proceedings of the 1996 IEEE Symposium on Security and Privacy, May 1996.
19. H. Feng, O. Kolesnikov, P. Fogla, W. Lee and W. Gong. Anomaly detection using call stack information. In Proceedings of the 2003 IEEE Symposium on Security and Privacy, May 2003.
20. S. Govindavajhala and A. W. Appel. Using memory errors to attack a virtual machine. In Proceedings of IEEE Symposium on Security and Privacy, 2003, Oakland, California. May 2003.
21. J. Giffin, S. Jha, and B. Miller. Efficient context-sensitive intrusion detection. In Proceedinsg of the Symposium on Network and Distributed System Security, February 2004.
22. D. Gao, M. Reiter, and D. Song. Gray-box extraction of execution graphs for anomaly detection. In Proceedings of the 11th ACM Conference on Computer and Communication Security, October 2004.
23. S. A. Hofmeyr, S. Forrest, and A. Somayaji. Intrusion detection using sequences of system calls. Journal of Computer Security, 6(3), 1998.
24. T. Jim, G. Morrisett, D. Grossman, M. Hicks, J. Cheney, and Y. Wang. Cyclone: A safe dialect of C. In Proceedings of USENIX Annual Technical Conference. Monterey, CA, June 2002.
25. C. Kruegel, D. Mutz, F. Valeur, and G. Vigna. On the detection of anomalous system call arguments. In Proceeding of ESORICS 2003, October 2003.
26. Microsoft Security Bulletin, http://www.microsoft.com/technet/security/
27. G. C. Necula, S. McPeak, and W. Weimer. CCured: Type-safe retrofitting of legacy code. In Proceedings of the ACM Symposium on Principles of Programming Languages (POPL), 2002
28. J. Newsome and D. Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS’05), February 2005.
29. J. Pincus and B. Baker. Mitigations for Low-level Coding Vulnerabilities: Incomparability and Limitations. http://research.microsoft.com/users/jpincus/mitigations. pdf, 2004.
30. Perl Security. http://www.perldoc.com/perl5.6/pod/perlsec.html
31. K. Pekka and L. Kalle. SSH1 Remote Root Exploit. http://www.hut.fi/~kalyytik/hacker/ssh-crc32-exploit_Korpinen_Lyytikainen.html. 2002
32. P. Starzetz. CRC32 SSHD Vulnerability Analysis. http://packetstormsecurity.org/0102exploits/ssh1.crc32. txt
33. R. Wojtczuk. Defeating Solar Designer Non-executable Stack Patch. http://geek-girl.com/bugtraq, January 1998.
34. R. Sekar, M. Bendre, D. Dhurjati, and P. Bollineni. A fast automaton-based method for detecting anomalous program behaviors. In Proceedings of the 2001 IEEE Symposium on Security and Privacy, May 2001.
35. A. Smirnov and T. Chiueh. DIRA: Automatic detection, identification and repair of control-data attacks. In Proceedings of the 12th Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 3-4, 2005.
36. Ghttpd Log() Function Buffer Overflow Vulnerability. http://www.securityfocus.com/bid/5960
37. SSH CRC-32 Compensation Attack Detector Vulnerability. http://www.securityfocus.com/bid/2347/
38. Null HTTPd Remote Heap Overflow Vulnerability. http://www.securityfocus.com/bid/5774 and http://www.securityfocus.com/bid/6255
39. Multiple Vendor Telnetd Buffer Overflow Vulnerability. http://www.securityfocus.com/bid/3064
40. Sendmail Debugger Arbitrary Code Execution Vulnerability. http://www.securityfocus.com/bid/3163
41. Solar Designer. StackPatch. http://www.openwall.com/linux
42. G. Suh, J. Lee, and S. Devadas. Secure program execution via dynamic information flow tracking. In Proceedings of the 11th International Conference on Architectural Support for Programming Languages and Operating Systems. Boston, MA. October 2004.
43. H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh. On the effectiveness of address space randomization. In Proceedings of the ACM Conference on Computer and Communications Security (CCS). Washington, DC. Oct. 2004.
44. U. Shankar, K. Talwar, J. Foster, and D. Wagner. Detecting format string vulnerabilities with type qualifiers. In Proceedings of the 10th USENIX Security Symposium, 2001.
45. K.M.C. Tan, K.S. Killourhy and R.A. Maxion. Undermining an anomaly-based intrusion detection system using common exploits. RAID, 2002.
46. Tim Newsham. Format String Attacks. http://muse.linuxmafia.org/lost+found/format-stringattacks.pdf
47. United States Computer Emergency Readiness Team. Technical Cyber Security Alerts, http://www.uscert.gov/cas/techalerts/
48. D. Wagner and D. Dean. Intrusion detection via static analysis. In Proceedings of the IEEE Symposium on Security and Privacy, 2001.
49. D. Wagner and P. Soto. Mimicry attacks on host-based intrusion detection systems. In Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS), 2002.
50. J. Xu, S. Chen, Z. Kalbarczyk, R. K. Iyer, An experimental study of security vulnerabilities caused by errors. In Proceedings of the IEEE International Conf. on Dependable Systems and Networks, Göteborg, Sweden, July 01-04, 2001.
51. J. Xu, Z. Kalbarczyk and R. K. Iyer. Transparent Runtime Randomization for Security. In Proceedings of Symposium on Reliable and Distributed Systems (SRDS), Florence, Italy, October 6-8, 2003.
52. W. Young and J. McHugh. Coding for a believable specification to implementation mapping, In Proceedings of the IEEE Symposium on Security and Privacy, 1987.
53. O. Ruwase and M. S. Lam. A practical dynamic buffer overflow detector. In Proceedings of the 11th Annual Network and Distributed System Security Symposium, pages 159–169, February 2004.