Title :
Base Address Recognition with Data Flow Tracking for Injection Attack Detection
Author :
Katsunuma, Satoshi ; Kurita, Hiroyuki ; Shioya, Ryota ; Shimizu, Kazuto ; Irie, Hidetsugu ; Goshima, Masahiro ; Sakai, Shuichi
Author_Institution :
Graduate Sch. of Inf. Sci. & Technol., Tokyo Univ.
Abstract :
Vulnerabilities such as buffer overflows exist in some programs, and such vulnerabilities are susceptible to address injection attacks. The input data tracking method, which was proposed before, prevents I-data, which are the data derived from the input data, being used as addresses. However, the rules to determine address injection attacks are vague, which produces many false-positives and false-negatives in detection results. Generally, the data used as an address consist of a base address and an address offset. We propose an architectural technique to prevent I-data overwriting B-data, which are the data used as base addresses in this paper. It dynamically recognizes the I-data and the B-data. Address injection is detected if I-data that are not B-data are used as addresses. We implemented the proposed technique on a Pentium-based Bochs emulator and investigated its detection capability. We believe that the technique is the most accurate injection detection technique proposed thus far
Keywords :
data flow analysis; security of data; storage allocation; Pentium-based Bochs emulator; address injection attack detection; architectural technique; base address recognition; buffer overflow; data flow tracking; input data tracking method; program vulnerability; Buffer overflow; Computer errors; Computer security; Computer worms; Data security; Information science; Information security; Internet; Protection; Safety; address; base; data flow tracking; injection attack; security; vulnerability;
Conference_Titel :
Dependable Computing, 2006. PRDC '06. 12th Pacific Rim International Symposium on
Conference_Location :
Riverside, CA
Print_ISBN :
0-7695-2724-8
DOI :
10.1109/PRDC.2006.22
