Skip to main content
Article thumbnail
Location of Repository

FORMAL FRAMEWORK AND TOOLS TO DERIVE EFFICIENT APPLICATION-LEVEL DETECTORS AGAINST MEMORY CORRUPTION ATTACKS BY

By Flore Qin-yu Yuan

Abstract

Memory corruptions figure significantly in currently-observed security attacks. The many protection mechanisms which have been proposed to fight against them can be broadly classified into two categories: those that focus on preventing vulnerabilities from being exploited (canary value, libsafe) and those that focus on preventing important data (e.g. return address, critical variable) from being overwritten by attackers (IFS, taintedness tracking, WIT, random memory layout). As the range of vulnerabilities increases, we believe that protecting all vulnerabilities with specific techniques begins to be unrealistic; consequently, we wish to focus on the second category. This thesis proposes to use an existing formal tool, SymPLAID, to find the minimum set of critical memory locations one needs to protect. The analysis results are also used to derive selective detectors which are guaranteed to detect a given attack model. We demonstrate the methodology by deriving application-specific detectors which are guaranteed to detect all attacks where the attacker's goal is to corrupt the application's end result by modifying one memory location. Very few well-placed detectors are needed to get a 100 % coverage for the given attack model. ii Acknowledgment

Year: 2011
OAI identifier: oai:CiteSeerX.psu:10.1.1.188.5472
Provided by: CiteSeerX
Download PDF:
Sorry, we are unable to provide the full text but you may find it at the following location(s):
  • http://citeseerx.ist.psu.edu/v... (external link)
  • https://www.ideals.illinois.ed... (external link)
  • https://www.ideals.illinois.ed... (external link)
  • Suggested articles


    To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.