
A Static Recognition Mechanism for Indirect Call Based on Static Single Assignment

  • Shixiang Gao
  • Tao Zheng
  • Xun Zhan
  • Xianping Tao
  • Qiaoming Zhu
  • Junyuan Xie
  • Wenyang Bai
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8351)

Abstract

By preventing attacks that exploit stack buffer overflow vulnerabilities, address space layout randomization (ASLR) is an effective way to protect embedded systems. However, ASLR is likely to suffer exhaustive attacks because its pertinence is not strong. At present only coarse-grained randomization has been implemented, because one of the key bottlenecks for fine-grained randomization is that the dependencies between functions cannot be constructed completely due to indirect calls. We therefore present in this paper a static inter-procedural backtracking recognition mechanism that uses intermediate code analysis technologies to identify the destination addresses of indirect calls generated by function pointers.

Keywords

indirect call; static binary code analysis; address space layout randomization; embedded system security; pervasive computing

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Shixiang Gao (1)
  • Tao Zheng (1, 2)
  • Xun Zhan (1)
  • Xianping Tao (2)
  • Qiaoming Zhu (3)
  • Junyuan Xie (2)
  • Wenyang Bai (2)

  1. Software Institute, Nanjing University, Nanjing, China
  2. National Key Laboratory for Novel Software Technology, Nanjing University, Nanjing, China
  3. School of Computer Science & Technology, Soochow University, Suzhou, China
