Efficient detection of all pointer and array access errors
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
Advanced compiler design and implementation
Advanced compiler design and implementation
Trust in Cyberspace
ESEC '89 Proceedings of the 2nd European Software Engineering Conference
Type-Assisted Dynamic Buffer Overflow Detection
Proceedings of the 11th USENIX Security Symposium
Statically detecting likely buffer overflow vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
PointguardTM: protecting pointers from buffer overflow vulnerabilities
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Transparent run-time defense against stack smashing attacks
ATEC '00 Proceedings of the annual conference on USENIX Annual Technical Conference
A framework for testing security mechanisms for program-based attacks
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
Taxonomy and classification of automatic monitoring of program security vulnerability exploitations
Journal of Systems and Software
Runtime countermeasures for code injection attacks against C and C++ programs
ACM Computing Surveys (CSUR)
Monitoring Buffer Overflow Attacks: A Perennial Task
International Journal of Secure Software Engineering
| Hi-index | 0.00 |
Buffer overflow has accounted for a large fraction ofInternet based attacks since 1988. Many solutions havebeen proposed to protect against a direct stack smashingattack overwriting a return address. In this paper, wetarget indirect buffer overflow attacks that overflow abuffer in memory to re-point a function pointer to theattacker's program. This type of attack could bypass mostof the current stack protection mechanisms. Ourproposed approach encrypts a function pointer before itis put into the memory and decrypts it before it is takenfrom the memory. Each function pointer is encrypted witha unique key that is randomized by the loader/linker foreach program run. This leads to two desirable properties:(1) orthogonality of key space, (2) zero incrementalknowledge gain for the adversary between two attacks ontwo different program runs. The key space orthogonalitydoes not allow a one key compromise to propagate toother function pointers. The "zero knowledge gain"forces the adversary to compromise all (or most of) thekeys in the same run. This is difficult since loader/linkerbased key randomization leads to a 2{32} iteration bruteforce attack on each key for a 32-bit architecture. Thisscheme was incorporated into GCC-3.0 on RedHat 7.0Linux distribution. The performance overhead of thisscheme is below 4.5% on Apache web server version1.3.22 with WebStone 2.5 as benchmark.