Abstract
Vulnerabilities in computer software are usually caused by allowing users access to invalid memory. For example, stack overflow is to rewrite the function return address on the stack, heap overflow always use the head of the heap chunk structure to control the functions of free or malloc. So address sanitizer can be good to improve the software security. Address sanitizer is a way of dividing all user-controlled variables in software. It detects and limits the user to access to invalid memory region, which results in the attacker can not access and reuse the memory space well, thus preventing the detect of security problems. The current address sanitizer is mainly based on the compiler and using during compilation. In this paper, we propose a binary-based address sanitizer, which provide a idea of sanitizing after compilation.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Song, D., Lettner, J., Rajasekaran, P., Na, Y., Volckaert, S., Larsen, P., Franz, M.: SoK: sanitizing for security. In: IEEE Symposium on Security and Privacy (SP), pp. 1275–1295 (2019)
Luo, P., Zou, D., Du, Y., Jin, H., Liu, C., Shen, J.: Static detection of real-world buffer overflow induced by loop. Comput. Secur. 89, 101616 (2020)
Nicula, Ș., Zota, R.D.: Exploiting stack-based buffer overflow using modern day techniques. Procedia Comput. Sci. 160, 9–14 (2019)
Wu, Y., Wang, S., Bezemer, C.-P., Inoue, K.: How do developers utilize source code from stack overflow. Empir. Softw. Eng. 24(2), 637–673 (2019)
Hua, C., Zhiping, L., Wang, K.: Buffer overflow vulnerability analysis and prevention strategy. J. Inf. Secur. Res. 5(09), 812–819 (2019)
Serebryany, K., Bruening, D., Potapenko, A., Vyukov, D.: Google: AddressSanitizer: a fast address sanity checker. In: Annual Technical Conference (2012)
Slowinska, A., Stancescu, T., Bos, H.: Body armor for binaries: preventing buffer overflows without recompilation. In: Annual Technical Conference (2012)
Acknowledgment
We would like to thank Google team for coming up the idea of address sanitizer, which ultimately led to the thoughts on binary-based address sanitizer. And thank Asia Slowinska about his speech on Annual Technical Conference (2012) [6, 7] which show us a new way to protect a software. And we would also like to thank our teammates who joined in the discussion of this project.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Wang, Y., Cui, B. (2021). The Study and Realization of a Binary-Based Address Sanitizer Based on Code Injection. In: Barolli, L., Poniszewska-Maranda, A., Park, H. (eds) Innovative Mobile and Internet Services in Ubiquitous Computing . IMIS 2020. Advances in Intelligent Systems and Computing, vol 1195. Springer, Cham. https://doi.org/10.1007/978-3-030-50399-4_13
Download citation
DOI: https://doi.org/10.1007/978-3-030-50399-4_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-50398-7
Online ISBN: 978-3-030-50399-4
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)