Despite protracted efforts by both researchers and practitioners, security vulnerabilities remain in modern software. Artificial diversity is an effective defense against many types of attack, and one form, address-space randomization, has been widely applied. Present artificial diversity implementations are either coarse-grained or require source code. Because of the widespread use of software of unknown provenance, e.g., libraries, where no source code is provided or available, building diversity into the source code is not always possible. I investigate an approach to stack layout transformation that operates on x86 binary programs, which would allow users to obfuscate vulnerabilities and increase their confidence in the software’s dependability. The proposed approach is speculative: the stack frame layout for a function is inferred from the binary and assessed by executing the transformed program. Upon assessment failure, the inferred layout is refined in the hope that it better reflects the actual function layout.