Countering code-injection attacks with instruction-set randomization
Proceedings of the 10th ACM conference on Computer and communications security
Randomized instruction set emulation to disrupt binary code injection attacks
Proceedings of the 10th ACM conference on Computer and communications security
On the effectiveness of address-space randomization
Proceedings of the 11th ACM conference on Computer and communications security
Preventing format-string attacks via automatic and efficient dynamic checking
Proceedings of the 12th ACM conference on Computer and communications security
FormatGuard: automatic protection from printf format string vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Detecting format string vulnerabilities with type qualifiers
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Address obfuscation: an efficient approach to combat a board range of memory error exploits
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
TIED, LibsafePlus: tools for runtime buffer overflow protection
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Where's the FEEB? the effectiveness of instruction set randomization
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Non-control-data attacks are realistic threats
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Efficient techniques for comprehensive protection from memory error exploits
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Detours: binary interception of Win32 functions
WINSYM'99 Proceedings of the 3rd conference on USENIX Windows NT Symposium - Volume 3
Transparent run-time prevention of format-string attacks via dynamic taint and flexible validation
ISC'06 Proceedings of the 9th international conference on Information Security
Kimchi: a binary rewriting defense against format string attacks
WISA'05 Proceedings of the 6th international conference on Information Security Applications
Taxonomy and classification of automatic monitoring of program security vulnerability exploitations
Journal of Systems and Software
Finite state machine based approach to prevent format string attacks
ACM SIGSOFT Software Engineering Notes
Runtime countermeasures for code injection attacks against C and C++ programs
ACM Computing Surveys (CSUR)
| Hi-index | 0.00 |
Format string attacks allow an attacker to read or write anywhere in the memory of a process. Previous solutions designed to detect format string attacks either require source code and recompilation of the program, or aim to defend only against write attempts to security critical control information. They do not protect against arbitrary memory read attempts and non-control data attacks. This paper presents FormatShield, a comprehensive defense against format string attacks. FormatShield identifies potentially vulnerable call sites in a running process and dumps the corresponding context information in the program binary. Attacks are detected when malicious input is found at vulnerable call sites with an exploitable context. It does not require source code or recompilation of the program and can defend against arbitrary memory read and write attempts, including non-control data attacks. Also, our experiments show that FormatShield incurs minimal performance overheads and is better than existing solutions.