Signatures for Library Functions in Executable Files

  • Authors:
  • Mike V Emmerik

  • Venue:
  • Signatures for Library Functions in Executable Files
  • Year:
  • 1994

Abstract

A method for efficiently generating signatures for detecting library functions in executable files is described. The signatures are used to automatically detect such functions in dcc, the reverse compiler at the Queensland University of Technology. Difficulties arise from the variability of the signatures, the multiplicity of library code vendors and of memory models, and indistinguishable functions. An efficient hashing technique involving perfect optimal hashing functions is used. Performance is good - the signature files are created in a few seconds, and the name of a library function can be found in about the time of two standard hashes. One signature file is required for each vendor, version, and memory model combination, and they are generated from the appropriate library file (e.g. slibce.lib). Some issues are yet to be addressed, such as variation due to floating point math options (e.g. emulator, fast alternate, or coprocessor calls).