The internet worm program: an analysis
ACM SIGCOMM Computer Communication Review
Adding run-time checking to the portable C compiler
Software—Practice & Experience
Efficient detection of all pointer and array access errors
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
Low-cost, concurrent checking of pointer and array accesses in C programs
Software—Practice & Experience
Type-Assisted Dynamic Buffer Overflow Detection
Proceedings of the 11th USENIX Security Symposium
RAD: A Compile-Time Solution to Buffer Overflow Attacks
ICDCS '01 Proceedings of the The 21st International Conference on Distributed Computing Systems
On the effectiveness of address-space randomization
Proceedings of the 11th ACM conference on Computer and communications security
PointguardTM: protecting pointers from buffer overflow vulnerabilities
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Address obfuscation: an efficient approach to combat a board range of memory error exploits
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Improving host security with system call policies
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Protecting against unexpected system calls
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Transparent run-time defense against stack smashing attacks
ATEC '00 Proceedings of the annual conference on USENIX Annual Technical Conference
The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)
Proceedings of the 14th ACM conference on Computer and communications security
Archipelago: trading address space for reliability and security
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Breaking the memory secrecy assumption
Proceedings of the Second European Workshop on System Security
Control-flow integrity principles, implementations, and applications
ACM Transactions on Information and System Security (TISSEC)
Surgically Returning to Randomized lib(c)
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Defeating return-oriented rootkits with "Return-Less" kernels
Proceedings of the 5th European conference on Computer systems
Fail-safe ANSI-C compiler: an approach to making C programs secure
ISSS'02 Proceedings of the 2002 Mext-NSF-JSPS international conference on Software security: theories and systems
Baggy bounds checking: an efficient and backwards-compatible defense against out-of-bounds errors
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
ValueGuard: protection of native applications against data-only buffer overflows
ICISS'10 Proceedings of the 6th international conference on Information systems security
Code pointer masking: hardening applications against code injection attacks
DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
Q: exploit hardening made easy
SEC'11 Proceedings of the 20th USENIX conference on Security
RIPE: runtime intrusion prevention evaluator
Proceedings of the 27th Annual Computer Security Applications Conference
Control-flow integrity principles, implementations, and applications
ACM Transactions on Information and System Security (TISSEC)
| Hi-index | 0.00 |
Despite the large number of proposed countermeasures against control-flow hijacking attacks, these attacks still pose a great threat for today's applications. The problem with existing solutions is that they either provide incomplete probabilistic protection (e.g., stack canaries) or impose a high runtime overhead (e.g., bounds checking). In this paper, we show how the concept of program-part duplication can be used to protect against control-flow hijacking attacks and present two different instantiations of the duplication concept which protect against popular attack vectors. First, we use the duplication of functions to eliminate the need of return addresses and thus provide complete protection against attacks targeting a function's return address. Then we demonstrate how the integrity of function pointers can be protected through the use of data duplication. We test the combined effectiveness of our two methods and experimentally show that they provide an almost complete protection against control-flow hijacking attacks with only a low runtime overhead in real-world applications.