• DocumentCode
    3075490
  • Title

    Preventing Overflow Attacks by Memory Randomization

  • Author

    Iyer, Vivek ; Kanitkar, Amit ; Dasgupta, Partha ; Srinivasan, Raghunathan

  • fYear
    2010
  • fDate
    1-4 Nov. 2010
  • Firstpage
    339
  • Lastpage
    347
  • Abstract
    Buffer overflow is known to be a common memory vulnerability affecting software. It is exploited to gain various kinds of privilege escalation. C and C++ are very commonly used to develop applications; due to their efficient “unmanaged” execution, these languages are not safe. These attacks are highly successful as every executing copy of a shipped binary is the same. This work presents two approaches to randomizing the memory layout which do not require modifications at the developer end. Both techniques are implemented at the user-end machines and have no requirement for source code. The feasibility of the two techniques is shown by randomizing complex applications and demonstrating that the run-time penalty for the randomization schemes is very low.
  • Keywords
    C++ language; buffer storage; security of data; software reliability; C language; C++ language; buffer overflow; memory randomization; memory vulnerability; overflow attack prevention; run time penalty; source code; user end machine; Algorithms; Buffer overflow; Force; Libraries; Memory management; Security; Software; Buffer overflow; heap randomization; software diversity; stack randomization;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Software Reliability Engineering (ISSRE), 2010 IEEE 21st International Symposium on
  • Conference_Location
    San Jose, CA
  • ISSN
    1071-9458
  • Print_ISBN
    978-1-4244-9056-1
  • Electronic_ISBN
    1071-9458
  • Type

    conf

  • DOI
    10.1109/ISSRE.2010.22
  • Filename
    5635066