
Code Pointer Masking: Hardening Applications against Code Injection Attacks

Conference paper, Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2011)

Abstract

In this paper we present an efficient countermeasure against code injection attacks. Our countermeasure does not rely on secret values such as stack canaries, and it protects against attacks that are not addressed by state-of-the-art countermeasures of similar performance. By enforcing the correct semantics of code pointers, we thwart attacks that modify code pointers in order to divert the application's control flow. We have implemented a prototype of our solution in a C compiler for Linux. The evaluation shows that the overhead of using our countermeasure is small and the security benefits are substantial.



Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Philippaerts, P., Younan, Y., Muylle, S., Piessens, F., Lachmund, S., Walter, T. (2011). Code Pointer Masking: Hardening Applications against Code Injection Attacks. In: Holz, T., Bos, H. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2011. Lecture Notes in Computer Science, vol 6739. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22424-9_12


  • DOI: https://doi.org/10.1007/978-3-642-22424-9_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22423-2

  • Online ISBN: 978-3-642-22424-9
