Base Address Recognition with Data Flow Tracking for Injection Attack Detection

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Satoshi Katsunuma Articles by Hiroyuki Kurita Articles by Ryota Shioya Articles by Kazuto Shimizu Articles by Hidetsugu Irie Articles by Masahiro Goshima Articles by Shuichi Sakai

12th Pacific Rim International Symposium on Dependable Computing (PRDC'06)

Riverside, California

December 18-December 20

ISBN: 0-7695-2724-8

	ASCII Text	x
	Satoshi Katsunuma, Hiroyuki Kurita, Ryota Shioya, Kazuto Shimizu, Hidetsugu Irie, Masahiro Goshima, Shuichi Sakai, "Base Address Recognition with Data Flow Tracking for Injection Attack Detection," Pacific Rim International Symposium on Dependable Computing, IEEE, pp. 165-172, 12th Pacific Rim International Symposium on Dependable Computing (PRDC'06), 2006.

	BibTex	x
	@article{ 10.1109/PRDC.2006.22, author = {Satoshi Katsunuma and Hiroyuki Kurita and Ryota Shioya and Kazuto Shimizu and Hidetsugu Irie and Masahiro Goshima and Shuichi Sakai}, title = {Base Address Recognition with Data Flow Tracking for Injection Attack Detection}, journal ={Pacific Rim International Symposium on Dependable Computing, IEEE}, volume = {0}, year = {2006}, isbn = {0-7695-2724-8}, pages = {165-172}, doi = {http://doi.ieeecomputersociety.org/10.1109/PRDC.2006.22}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Pacific Rim International Symposium on Dependable Computing, IEEE TI - Base Address Recognition with Data Flow Tracking for Injection Attack Detection SN - 0-7695-2724-8 SP165 EP172 A1 - Satoshi Katsunuma, A1 - Hiroyuki Kurita, A1 - Ryota Shioya, A1 - Kazuto Shimizu, A1 - Hidetsugu Irie, A1 - Masahiro Goshima, A1 - Shuichi Sakai, PY - 2006 KW - security KW - vulnerability KW - injection attack KW - base address KW - data flow tracking VL - 0 JA - Pacific Rim International Symposium on Dependable Computing, IEEE ER -

Satoshi Katsunuma, University of Tokyo

Hiroyuki Kurita, University of Tokyo

Ryota Shioya, University of Tokyo

Kazuto Shimizu, University of Tokyo

Hidetsugu Irie, Japan Science and Technology Agency

Masahiro Goshima, University of Tokyo

Shuichi Sakai, University of Tokyo

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/PRDC.2006.22

Vulnerabilities such as buffer overflows exist in some programs, and such vulnerabilities are susceptible to address injection attacks. The input data tracking method, which was proposed before, prevents I-data, which are the data derived from the input data, being used as addresses. However, the rules to determine address injection attacks are vague, which produces many false-positives and falsenegatives in detection results. Generally, the data used as an address consist of a base address and an address offset. We propose an architectural technique to prevent Idata overwriting B-data, which are the data used as base addresses in this paper. It dynamically recognizes the Idata and the B-data. Address injection is detected if I-data that are not B-data are used as addresses. We implemented the proposed technique on a Pentium-based Bochs emulator and investigated its detection capability. I believe that the technique is the most accurate injection detection technique proposed thus far.

Index Terms:

security, vulnerability, injection attack, base address, data flow tracking

Citation:

Satoshi Katsunuma, Hiroyuki Kurita, Ryota Shioya, Kazuto Shimizu, Hidetsugu Irie, Masahiro Goshima, Shuichi Sakai, "Base Address Recognition with Data Flow Tracking for Injection Attack Detection," prdc, pp.165-172, 12th Pacific Rim International Symposium on Dependable Computing (PRDC'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.