2016 19th International Conference on Network-Based Information Systems (NBIS) (2016)
Ostrava, Czech Republic
Sept. 7, 2016 to Sept. 9, 2016
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/NBiS.2016.11
Memory corruption vulnerability is prevalent in software that are written using languages that lack memory safety features, e.g., C and C++. This has become a serious problem because the number of the attacks that exploit this vulnerability has increased. More specifically, this vulnerability allows control-flow-hijacking, a memory corruption attack that involves a well-known dangerous program stack. Several countermeasures have been proposed both in academia and the information technology industry to thwart such attacks. Some of these countermeasures have been implemented and used in practice. However, memory corruption attacks continue to be a serious problem because even these countermeasures are simply bypassed by new attacks. In this paper, we survey and classify protection and mitigation technologies that are especially pervasive in operating systems and compilers. This study aims to organize the pervasive countermeasures against these attacks. We present the existing countermeasures to address the current serious problem and propose modifications to these countermeasures that can be implemented in the future.
Linux, Kernel, Buffer overflows, Libraries, Entropy, Program processors
Takamichi Saito, Ryohei Watanabe, Shuta Kondo, Shota Sugawara, Masahiro Yokoyama, "A Survey of Prevention/Mitigation against Memory Corruption Attacks", 2016 19th International Conference on Network-Based Information Systems (NBIS), vol. 00, no. , pp. 500-505, 2016, doi:10.1109/NBiS.2016.11