Protection against Buffer Overflow Attacks through Runtime Memory Layout Randomization

2014 17th International Conference on Computer and Information Technology (ICCIT) Pub Date : 2014-12-22 DOI:10.1109/ICIT.2014.57

K. S. Kumar, Raghu Neelisetti

{"title":"Protection against Buffer Overflow Attacks through Runtime Memory Layout Randomization","authors":"K. S. Kumar, Raghu Neelisetti","doi":"10.1109/ICIT.2014.57","DOIUrl":null,"url":null,"abstract":"To date a number of comprehensive techniques have been proposed to defend against buffer over attacks. In spite of continuing research in this area, security vulnerabilities in software continue to be discovered and exploited. This is because the existing protection techniques suffer from one or more of the following problems: high run time overheads (often exceeding 100%), incompatibility with legacy C and C++ code, not sufficiently fine grained randomization of memory layout and the inability to perform randomization at run time rather than compile time or link time or load time. While security through diversity is a promising technique to defend against large scale cyber attacks, existing techniques are susceptible to information leakage and brute-force attacks, in addition to the short comings indicated above. To overcome the above indicated drawbacks, in this paper we propose Function Frame Run time Randomization (FFRR) technique. FFRR offers memory layout randomization at run time and performs randomization at the level of individual variables on the stack.","PeriodicalId":6486,"journal":{"name":"2014 17th International Conference on Computer and Information Technology (ICCIT)","volume":"54 1","pages":"184-189"},"PeriodicalIF":0.0000,"publicationDate":"2014-12-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 17th International Conference on Computer and Information Technology (ICCIT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICIT.2014.57","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

Abstract

To date a number of comprehensive techniques have been proposed to defend against buffer over attacks. In spite of continuing research in this area, security vulnerabilities in software continue to be discovered and exploited. This is because the existing protection techniques suffer from one or more of the following problems: high run time overheads (often exceeding 100%), incompatibility with legacy C and C++ code, not sufficiently fine grained randomization of memory layout and the inability to perform randomization at run time rather than compile time or link time or load time. While security through diversity is a promising technique to defend against large scale cyber attacks, existing techniques are susceptible to information leakage and brute-force attacks, in addition to the short comings indicated above. To overcome the above indicated drawbacks, in this paper we propose Function Frame Run time Randomization (FFRR) technique. FFRR offers memory layout randomization at run time and performs randomization at the level of individual variables on the stack.

查看原文本刊更多论文

通过运行时内存布局随机化防止缓冲区溢出攻击

迄今为止，已经提出了许多全面的技术来防御缓冲攻击。尽管这一领域的研究仍在继续，但软件中的安全漏洞仍在不断被发现和利用。这是因为现有的保护技术存在以下一个或多个问题:高运行时开销(通常超过100%)，与遗留的C和c++代码不兼容，内存布局没有足够细粒度的随机化，无法在运行时执行随机化，而不是在编译时、链接时或加载时执行随机化。虽然多样性安全是防御大规模网络攻击的一种很有前途的技术，但现有技术除了上述缺点外，还容易受到信息泄露和暴力攻击的影响。为了克服上述缺点，本文提出了函数帧运行时随机化(FFRR)技术。FFRR在运行时提供内存布局随机化，并在堆栈上的单个变量级别执行随机化。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2014 17th International Conference on Computer and Information Technology (ICCIT)

自引率

0.00%

发文量