
Low-Level Software Security by Example

  • Chapter

Abstract

Computers are often subject to external attacks that aim to control software behavior. Typically, such attacks arrive as data over a regular communication channel and, once resident in program memory, trigger pre-existing, low-level software vulnerabilities. By exploiting such flaws, these low-level attacks can subvert the execution of the software and gain control over its behavior. The combined effects of these attacks make them one of the most pressing challenges in computer security. As a result, in recent years, many mechanisms have been proposed for defending against these attacks.

This chapter aims to provide insight into low-level software attack and defense techniques by discussing four examples that are representative of the major types of attacks on C and C++ software, and four examples of defenses selected because of their effectiveness, wide applicability, and low enforcement overhead. Attacks and defenses are described in enough detail to be understood even by readers without a background in software security, and without a natural inclination for crafting malicious attacks.



© 2010 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Erlingsson, Ú., Younan, Y., Piessens, F. (2010). Low-Level Software Security by Example. In: Stavroulakis, P., Stamp, M. (eds) Handbook of Information and Communication Security. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04117-4_30


  • DOI: https://doi.org/10.1007/978-3-642-04117-4_30

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04116-7

  • Online ISBN: 978-3-642-04117-4
