Body armor for binaries: Preventing buffer overflows without recompilation

Proceedings of the 2012 USENIX Annual Technical Conference, USENIX ATC 2012

Volumn , Issue , 2019, Pages 125-137

  Slowinska, Asia ^a   Stancescu, Traian ^b   Bos, Herbert ^a  

^a VU UNIVERSITY AMSTERDAM   (Netherlands)

^b GOOGLE INC   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

BUFFER OVERFLOWS; COMPETING TECHNOLOGIES; FALSE POSITIVE; MEMORY CORRUPTION ATTACKS; NON-CONTROL DATA ATTACKS; NOVEL TECHNIQUES; RECOMPILATION; SOURCE CODES;

ARMOR;

EID: 85077121004     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (33)

1. BYTE Magazine nbench benchmark. http://www.tux.org/~mayer/linux/bmark.html.
2. ABADI, M., BUDIU, M., ERLINGSSON, U., AND LIGATTI, J. Control-Flow integrity. In Proc. of the 12th ACM conference on Computer and communications security (2005), CCS'05.
3. AKRITIDIS, P., CADAR, C., RAICIU, C., COSTA, M., AND CASTRO, M. Preventing memory error exploits with WIT. In Proc. of the IEEE Symposium on Security and Privacy, S&P'08.
4. AKRITIDIS, P., COSTA, M., CASTRO, M., AND HAND, S. Baggy bounds checking: An efficient and backwards-compatible defense against out-of-bounds errors. In Proc. of the 18th Usenix Security Symposium (2009), USENIX-SS'09.
5. AVOTS, D., DALTON, M., LIVSHITS, V. B., AND LAM, M. S. Improving software security with a C pointer analysis. In Proc. of the 27th Intern. Conf. on Software Engineering (ICSE) (2005).
6. BELLARD, F. QEMU, a fast and portable dynamic translator. In Proc. of USENIX 2005 Annual Technical Conference, ATEC'05.
7. BHATKAR, S., DUVARNEY, D. C., AND SEKAR, R. Address obfuscation: an efficient approach to combat a board range of memory error exploits. In Proc. of the 12th conference on USENIX Security Symposium (2003), SSYM'03.
8. BOSMAN, E., SLOWINSKA, A., AND BOS, H. Minemu: The Worlds Fastest Taint Tracker. In Proc. of 14th International Symposium on Recent Advances in Intrusion Detection (2011), RAID 2011.
9. CADAR, C., DUNBAR, D., AND ENGLER, D. KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs. In Proc.s of the 8th USENIX Symposium on Operating Systems Design and Implementation (2008), OSDI'08.
10. CASTRO, M., COSTA, M., AND HARRIS, T. Securing software by enforcing data-flow integrity. In Proc. of the 7th USENIX Symp. on Operating Systems Design and Impl. (2006), OSDI'06.
11. CHEN, S., XU, J., NAKKA, N., KALBARCZYK, Z., AND IYER, R. K. Defeating memory corruption attacks via pointer taintedness detection. In Proc. of the 2005 International Conference on Dependable Systems and Networks (2005), DSN'05.
12. CHEN, S., XU, J., SEZER, E. C., GAURIAR, P., AND IYER, R. K. Non-control-data attacks are realistic threats. In Proc. of 14th USENIX Security Symposium (2005), SSYM'05.
13. CHIPOUNOV, V., KUZNETSOV, V., AND CANDEA, G. S2E: A platform for in vivo multi-path analysis of software systems. In Proc. of 16th Intl. Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS) (2011).
14. CONDIT, J., HARREN, M., MCPEAK, S., NECULA, G. C., AND WEIMER, W. CCured in the real world. In Proc of the 2003 Conf. on Programming languages design and implementation, POPL'03.
15. COSTA, M., CROWCROFT, J., CASTRO, M., ROWSTRON, A., ZHOU, L., ZHANG, L., AND BARHAM, P. Vigilante: end-to-end containment of internet worms. In Proc. of the 20th ACM Symposium on Operating Systems Principles (2005), SOSP'05.
16. COWAN, C., PU, C., MAIER, D., HINTONY, H., WALPOLE, J., BAKKE, P., BEATTIE, S., GRIER, A., WAGLE, P., AND ZHANG, Q. StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks. In Proc. of the 7th USENIX Security Symposium (1998), SSYM'98.
17. CWE/SANS. TOP 25 Most Dangerous Software Errors. www.sans.org/top25-software-errors, 2011.
18. ELIAS LEVY (ALEPH ONE). Smashing the stack for fun and profit. Phrack 7, 49 (1996).
19. ERLINGSSON, U., VALLEY, S., ABADI, M., VRABLE, M., BUDIU, M., AND NECULA, G. C. XFI: software guards for system address spaces. In Proc. of the 7th USENIX Symp. on Operating Systems Design and Implementation (2006), OSDI'06.
20. JIM, T., MORRISETT, G., GROSSMAN, D., HICKS, M., CHENEY, J., AND WANG, Y. Cyclone: A safe dialect of C. In USENIX 2002 Annual Technical Conference, ATEC'02.
21. LAURENZANO, M., TIKIR, M. M., CARRINGTON, L., AND SNAVELY, A. PEBIL: Efficient static binary instrumentation for Linux. In Proc. of the IEEE International Symposium on Performance Analysis of Systems and Software, ISPASS-2010.
22. LU, S., LI, Z., QIN, F., TAN, L., ZHOU, P., AND ZHOU, Y. Bugbench: Benchmarks for evaluating bug detection tools. In Workshop on the Evaluation of Software Defect Detection Tools (2005).
23. NAGARAKATTE, S., ZHAO, J., MARTIN, M. M., AND ZDANCEWIC, S. SoftBound: highly compatible and complete spatial memory safety for C. In Proc. of PLDI'09.
24. NETHERCOTE, N., AND SEWARD, J. Valgrind: A Framework for Heavyweight Dynamic Binary Instrumentation. In Proc. of the 3rd Intern. Conf. on Virtual Execution Environ. (2007), VEE.
25. PORTOKALIDIS, G., SLOWINSKA, A., AND BOS, H. Argos: an Emulator for Fingerprinting Zero-Day Attacks. In Proc. of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems (2006), EuroSys'06.
26. REPS, T., AND BALAKRISHNAN, G. Improved memory-access analysis for x86 executables. In CC'08/ETAPS'08: Proc. of the Joint European Conferences on Theory and Practice of Software 17th international conference on Compiler construction (2008).
27. SLOWINSKA, A., AND BOS, H. The Age of Data: Pinpointing Guilty Bytes in Polymorphic Buffer Overflows on Heap or Stack. In Proc. of the 23rd Annual Computer Security Applications Conference (2007), ACSAC'07.
28. SLOWINSKA, A., AND BOS, H. Pointless tainting?: evaluating the practicality of pointer tainting. In EuroSys'09: Proc. of the 4th ACM European conf. on Computer systems (2009).
29. SLOWINSKA, A., STANCESCU, T., AND BOS, H. Howard: a dynamic excavator for reverse engineering data structures. In Proceedings of NDSS (2011).
30. SOTIROV, A. Modern exploitation and memory protection bypasses. USENIX Security invited talk, www.usenix.org/events/sec09/tech/slides/sotirov.pdf, August 2009.
31. SRIDHAR, S., SHAPIRO, J. S., AND NORTHUP, E. HDTrans: An open source, low-level dynamic instrumentation system. In Proc. of the 2nd Intern. Conf. on Virtual Execution Environ. (2006).
32. STANCESCU, T. BodyArmor: Adding Data Protection to Binary Executables. Master's thesis, VU Amsterdam, 2011.
33. TEAM, P. Design and implementation of PAGEEXEC. http://pax.grsecurity.net/docs/pageexec.old.txt, November 2000.