The internet worm program: an analysis
ACM SIGCOMM Computer Communication Review
Modern operating systems
Advanced programming in the UNIX environment
Advanced programming in the UNIX environment
Practical Unix and Internet security (2nd ed.)
Practical Unix and Internet security (2nd ed.)
The Linux kernel book
Linux Kernel Internals
Synthesizing fast intrusion prevention/detection systems from high-level specifications
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Data mining approaches for intrusion detection
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Encoding Function Pointers and Memory Arrangement Checking against Buffer Overflow Attack
ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
Buffer overrun detection using linear programming and static analysis
Proceedings of the 10th ACM conference on Computer and communications security
Repairing return address stack for buffer overflow protection
Proceedings of the 1st conference on Computing frontiers
SELF: a transparent security extension for ELF binaries
Proceedings of the 2003 workshop on New security paradigms
Implicit java array bounds checking on 64-bit architecture
Proceedings of the 18th annual international conference on Supercomputing
An efficient and backwards-compatible transformation to ensure memory safety of C programs
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
Run-time Detection of Heap-based Overflows
LISA '03 Proceedings of the 17th USENIX conference on System administration
Randomized instruction set emulation
ACM Transactions on Information and System Security (TISSEC)
Using DISE to protect return addresses from attack
ACM SIGARCH Computer Architecture News - Special issue: Workshop on architectural support for security and anti-virus (WASSA)
A framework for testing security mechanisms for program-based attacks
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
Detection and prevention of stack buffer overflow attacks
Communications of the ACM
Fast and automated generation of attack signatures: a basis for building self-protecting servers
Proceedings of the 12th ACM conference on Computer and communications security
Automatic diagnosis and response to memory corruption vulnerabilities
Proceedings of the 12th ACM conference on Computer and communications security
Proceedings of the 12th ACM conference on Computer and communications security
An electric fence for kernel buffers
Proceedings of the 2005 ACM workshop on Storage security and survivability
SmashGuard: A Hardware Solution to Prevent Security Attacks on the Function Return Address
IEEE Transactions on Computers
Scalable network-based buffer overflow attack detection
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Secure Bit: Transparent, Hardware Buffer-Overflow Protection
IEEE Transactions on Dependable and Secure Computing
Implicit array bounds checking on 64-bit architectures
ACM Transactions on Architecture and Code Optimization (TACO)
Using common off-the-shelf tools to implement dynamic aspects
ACM SIGPLAN Notices
Address obfuscation: an efficient approach to combat a board range of memory error exploits
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Efficient techniques for comprehensive protection from memory error exploits
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Utilizing Binary Rewriting for Improving End-Host Security
IEEE Transactions on Parallel and Distributed Systems
Architecting security: a secure implementation of hardware buffer-overflow protection
ACST'07 Proceedings of the third conference on IASTED International Conference: Advances in Computer Science and Technology
A polymorphic shellcode detection mechanism in the network
Proceedings of the 2nd international conference on Scalable information systems
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Vigilante: End-to-end containment of Internet worm epidemics
ACM Transactions on Computer Systems (TOCS)
Instruction-level countermeasures against stack-based buffer overflow attacks
Proceedings of the 1st EuroSys Workshop on Virtualization Technology for Dependable Systems
Control-flow integrity principles, implementations, and applications
ACM Transactions on Information and System Security (TISSEC)
A Lightweight Buffer Overflow Protection Mechanism with Failure-Oblivious Capability
ICA3PP '09 Proceedings of the 9th International Conference on Algorithms and Architectures for Parallel Processing
PAriCheck: an efficient pointer arithmetic checker for C programs
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Fast bounds checking using debug register
HiPEAC'08 Proceedings of the 3rd international conference on High performance embedded architectures and compilers
Malicious shellcode detection with virtual memory snapshots
INFOCOM'10 Proceedings of the 29th conference on Information communications
HSP: A solution against heap sprays
Journal of Systems and Software
Return-oriented programming without returns
Proceedings of the 17th ACM conference on Computer and communications security
Taxonomy and classification of automatic monitoring of program security vulnerability exploitations
Journal of Systems and Software
ValueGuard: protection of native applications against data-only buffer overflows
ICISS'10 Proceedings of the 6th international conference on Information systems security
Privilege escalation attacks on android
ISC'10 Proceedings of the 13th international conference on Information security
Jump-oriented programming: a new class of code-reuse attack
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
ROPdefender: a detection tool to defend against return-oriented programming attacks
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Cruiser: concurrent heap buffer overflow monitoring using lock-free data structures
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Building components with embedded security monitors
Proceedings of the joint ACM SIGSOFT conference -- QoSA and ACM SIGSOFT symposium -- ISARCS on Quality of software architectures -- QoSA and architecting critical systems -- ISARCS
Code pointer masking: hardening applications against code injection attacks
DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
RIPE: runtime intrusion prevention evaluator
Proceedings of the 27th Annual Computer Security Applications Conference
Mitigating code-reuse attacks with control-flow locking
Proceedings of the 27th Annual Computer Security Applications Conference
Poster: control-flow integrity for smartphones
Proceedings of the 18th ACM conference on Computer and communications security
Actively modifying control flow of program for efficient anormaly detection
KES'06 Proceedings of the 10th international conference on Knowledge-Based Intelligent Information and Engineering Systems - Volume Part II
LADC'05 Proceedings of the Second Latin-American conference on Dependable Computing
On the expressiveness of return-into-libc attacks
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
Runtime countermeasures for code injection attacks against C and C++ programs
ACM Computing Surveys (CSUR)
Prevent kernel return-oriented programming attacks using hardware virtualization
ISPEC'12 Proceedings of the 8th international conference on Information Security Practice and Experience
Branch regulation: low-overhead protection from code reuse attacks
Proceedings of the 39th Annual International Symposium on Computer Architecture
Static secure page allocation for light-weight dynamic information flow tracking
Proceedings of the 2012 international conference on Compilers, architectures and synthesis for embedded systems
Memory errors: the past, the present, and the future
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
There is safety in numbers: preventing control-flow hijacking by duplication
NordSec'12 Proceedings of the 17th Nordic conference on Secure IT Systems
GHUMVEE: efficient, effective, and flexible replication
FPS'12 Proceedings of the 5th international conference on Foundations and Practice of Security
CPM: Masking Code Pointers to Prevent Code Injection Attacks
ACM Transactions on Information and System Security (TISSEC)
Leveraging speculative architectures for runtime program validation
ACM Transactions on Embedded Computing Systems (TECS)
Tappan Zee (north) bridge: mining memory accesses for introspection
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Control-flow integrity principles, implementations, and applications
ACM Transactions on Information and System Security (TISSEC)
| Hi-index | 0.02 |
Abstract: Buffer overflow attack can inflict upon almost arbitrary programs and is one of the most common vulnerabilities that can seriously compromise the security of a network-attached computer system. This paper presents a compiler-based solution to the notorious buffer overflow attack problem. Using this solution, users can prevent attackers from compromising their systems by changing the return address to execute injected code, which is the most common method used in buffer overflow attacks. Return Address Defender (RAD) is a simple compiler patch that automatically creates a safe area to store a copy of return addresses and automatically adds protection code into applications that it compiles to defend programs against buffer overflow attacks. Using it to protect a program does not need to modify the source code of the protected programs. Moreover, RAD does not change the layout of stack frames, so binary code it generated is compatible with existing libraries and other object files. Empirical performance measurements on a fully operational RAD prototype show that programs protected by RAD only experience a factor of between 1.01 to 1.31 slow-down. In this paper we present the principle of buffer overflow attacks, a taxonomy of defense methods, the implementation details of RAD, and the performance analysis of the RAD prototype.