Abstract
In this paper we present an efficient countermeasure against code injection attacks. Our countermeasure does not rely on secret values such as stack canaries and protects against attacks that are not addressed by state-of-the-art countermeasures of similar performance. By enforcing the correct semantics of code pointers, we thwart attacks that modify code pointers to divert the application’s control flow. We have implemented a prototype of our solution in a C-compiler for Linux. The evaluation shows that the overhead of using our countermeasure is small and the security benefits are substantial.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
National Institute of Standards and Technology, National vulnerability database statistics, http://nvd.nist.gov/statistics.cfm
Etoh, H., Yoda, K.: Protecting from stack-smashing attacks. tech. rep., IBM Research Divison (June 2000)
Strackx, R., Younan, Y., Philippaerts, P., Piessens, F., Lachmund, S., Walter, T.: Breaking the memory secrecy assumption. In: Proceedings of the European Workshop on System Security (Eurosec), Nuremberg, Germany (March 2009)
Lhee, K.S., Chapin, S.J.: Buffer overflow and format string overflow vulnerabilities. Software: Practice and Experience 33, 423–460 (2003)
Bhatkar, S., Duvarney, D.C., Sekar, R.: Address obfuscation: An efficient approach to combat a broad range of memory error exploits. In: Proceedings of the 12th USENIX Security Symposium, USENIX Association (August 2003)
Shacham, H., Page, M., Pfaff, B., Goh, E.J., Modadugu, N., Boneh, D.: On the Effectiveness of Address-Space Randomization. In: Proceedings of the 11th ACM Conference on Computer and Communications Security (October 2004)
Gadaleta, F., Younan, Y., Joosen, W.: BuBBle: A javascript engine level countermeasure against heap-spraying attacks. In: Massacci, F., Wallach, D., Zannone, N. (eds.) ESSoS 2010. LNCS, vol. 5965, pp. 1–17. Springer, Heidelberg (2010)
Wojtczuk, R.: Defeating solar designer non-executable stack patch. Posted on the Bugtraq mailinglist (February 1998)
Shacham, H.: The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 552–561. ACM Press, Washington, D.C., U.S.A (2007)
Skape, Skywing.: Bypassing windows hardware-enforced data execution prevention (Uninformed) vol. 2 (September 2005)
Abadi, M., Budiu, M., Erlingsson, U., Ligatti, J.: Control-flow integrity. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 340–353. ACM, Alexandria (2005)
Younan, Y., Pozza, D., Piessens, F., Joosen, W.: Extended protection against stack smashing attacks without performance loss. In: Proceedings of the Twenty-Second Annual Computer Security Applications Conference (ACSAC 2006), pp. 429–438. IEEE Press, Los Alamitos (2006)
Cowan, C., Pu, C., Maier, D., Hinton, H., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q.: StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In: Proceedings of the 7th USENIX Security Symposium, USENIX Association, San Antonio (1998)
Cowan, C., Beattie, S., Johansen, J., Wagle, P.: PointGuard: protecting pointers from buffer overflow vulnerabilities. In: Proceedings of the 12th USENIX Security Symposium, pp. 91–104. USENIX Association (August 2003)
Henning, J.L.: Spec cpu2000: Measuring cpu performance in the new millennium. Computer 33, 28–35 (2000)
Erlingsson, U.: Low-level software security: Attacks and defenses. Tech. Rep. MSR-TR-2007-153, Microsoft Research (2007)
Younan, Y., Joosen, W., Piessens, F.: Runtime countermeasures for code injection attacks against c and c++ programs. ACM Computing Surveys (2010)
Oiwa, Y., Sekiguchi, T., Sumii, E., Yonezawa, A.: Fail-safe ANSI-C compiler: An approach to making C programs secure: Progress report. In: Proceedings of International Symposium on Software Security (November 2002)
Akritidis, P., Costa, M., Castro, M., Hand, S.: Baggy bounds checking: An efficient and backwards-compatible defense against out-of-bounds errors. In: Proceedings of the 18th USENIX Security Symposium, Montreal, QC (August 2009)
Younan, Y., Philippaerts, P., Cavallaro, L., Sekar, R., Piessens, F., Joosen, W.: Paricheck: An efficient pointer arithmetic checker for c programs. In: Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS), ACM, Bejing (2010)
The PaX Team, Documentation for the PaX project.
Barrantes, E.G., Ackley, D.H., Forrest, S., Palmer, T.S., Stefanović, D., Zovi, D.D.: Randomized instruction set emulation to disrupt binary code injection attacks. In: Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS 2003), pp. 281–289. ACM, New York (2003)
Chiueh, T., Hsu, F.H.: RAD: A compile-time solution to buffer overflow attacks. In: Proceedings of the 21st International Conference on Distributed Computing Systems, pp. 409–420. IEEE Computer Society, Phoenix (2001)
Mccamant, S., Morrisett, G.: Evaluating SFI for a CISC architecture. In: Proceedings of the 15th USENIX Security Symposium, USENIX Association, Vancouver (2006)
Kiriansky, V., Bruening, D., Amarasinghe, S.: Secure execution via program shepherding. In: Proceedings of the 11th USENIX Security Symposium, USENIX Association, San Francisco (August 2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Philippaerts, P., Younan, Y., Muylle, S., Piessens, F., Lachmund, S., Walter, T. (2011). Code Pointer Masking: Hardening Applications against Code Injection Attacks. In: Holz, T., Bos, H. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2011. Lecture Notes in Computer Science, vol 6739. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22424-9_12
Download citation
DOI: https://doi.org/10.1007/978-3-642-22424-9_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22423-2
Online ISBN: 978-3-642-22424-9
eBook Packages: Computer ScienceComputer Science (R0)