Defeating Memory Corruption Attacks via Pointer Taintedness Detection

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Shuo Chen Articles by Jun Xu Articles by Nithin Nakka Articles by Zbigniew Kalbarczyk Articles by Ravishankar K. Iyer

2005 International Conference on Dependable Systems and Networks (DSN'05)

Yokohama, Japan

June 28-July 01

ISBN: 0-7695-2282-3

	ASCII Text	x
	Shuo Chen, Jun Xu, Nithin Nakka, Zbigniew Kalbarczyk, Ravishankar K. Iyer, "Defeating Memory Corruption Attacks via Pointer Taintedness Detection," Dependable Systems and Networks, International Conference on, pp. 378-387, 2005 International Conference on Dependable Systems and Networks (DSN'05), 2005.

	BibTex	x
	@article{ 10.1109/DSN.2005.36, author = {Shuo Chen and Jun Xu and Nithin Nakka and Zbigniew Kalbarczyk and Ravishankar K. Iyer}, title = {Defeating Memory Corruption Attacks via Pointer Taintedness Detection}, journal ={Dependable Systems and Networks, International Conference on}, volume = {0}, year = {2005}, isbn = {0-7695-2282-3}, pages = {378-387}, doi = {http://doi.ieeecomputersociety.org/10.1109/DSN.2005.36}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Dependable Systems and Networks, International Conference on TI - Defeating Memory Corruption Attacks via Pointer Taintedness Detection SN - 0-7695-2282-3 SP378 EP387 A1 - Shuo Chen, A1 - Jun Xu, A1 - Nithin Nakka, A1 - Zbigniew Kalbarczyk, A1 - Ravishankar K. Iyer, PY - 2005 KW - Security KW - Attack KW - Vulnerability KW - Taintedness KW - Hardware Design VL - 0 JA - Dependable Systems and Networks, International Conference on ER -

Shuo Chen, University of Illinois at Urbana-Champaign

Jun Xu, North Carolina State University

Nithin Nakka, University of Illinois at Urbana-Champaign

Zbigniew Kalbarczyk, University of Illinois at Urbana-Champaign

Ravishankar K. Iyer, University of Illinois at Urbana-Champaign

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/DSN.2005.36

Most malicious attacks compromise system security through memory corruption exploits. Recently proposed techniques attempt to defeat these attacks by protecting program control data. We have constructed a new class of attacks that can compromise network applications without tampering with any control data. These non-control data attacks represent a new challenge to system security. In this paper, we propose an architectural technique to defeat both control data and non-control data attacks based on the notion of pointer taintedness. A pointer is said to be tainted if user input can be used as the pointer value. A security attack is detected whenever a tainted value is dereferenced during program execution. The proposed architecture is implemented on the SimpleScalar processor simulator and is evaluated using synthetic programs as well as real-world network applications. Our technique can effectively detect both control data and non-control data attacks, and it offers better security coverage than current methods. The proposed architecture is transparent to existing programs.

Index Terms:

Security, Attack, Vulnerability, Taintedness, Hardware Design

Citation:

Shuo Chen, Jun Xu, Nithin Nakka, Zbigniew Kalbarczyk, Ravishankar K. Iyer, "Defeating Memory Corruption Attacks via Pointer Taintedness Detection," dsn, pp.378-387, 2005 International Conference on Dependable Systems and Networks (DSN'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.