Dissertation/Thesis Abstract

Defeating memory error exploits using automated software diversity
by Bhatkar, Sandeep, Ph.D., State University of New York at Stony Brook, 2007, 123; 3337612
Abstract (Summary)

The vast majority of today's security vulnerabilities, accounting for as much as 88% of US-CERT advisories in the past few years, are caused by memory errors such as buffer overflows, heap overflows, integer overflows, and format-string bugs. Previous research has developed techniques for preventing known attack classes exploiting these vulnerabilities. However, attackers quickly developed alternative exploits to circumvent these protections. In contrast to these approaches, comprehensive memory error detection techniques can help track down memory-related bugs, as well as provide full runtime protection from known and future exploits of buffer overflows. However, they typically introduce very high overheads, slowing down programs by a factor of 2 or more; or require significant modifications to existing code that is too expensive in practice. In contrast, we develop low-overhead techniques that can provide probabilistic protection against all memory error exploits, while preserving full code compatibility. Our techniques are based on automated software diversity. In this dissertation, we undertake a systematic study of possible automated transformations that can defeat memory error exploits, and develop (a) address space randomization, which disrupts exploits by making it difficult to predict the object that would be overwritten as a result of a memory corruption attack, and (b) data space randomization , which randomizes the interpretation of overwritten data. These randomization techniques make the effect of memory-error exploits non-deterministic, with only a very small chance of success. Thus, an attacker is forced to make several attack attempts, and each failed attempt typically results in crashing the victim program thereby making it easy to detect the attack. Our implementation approaches are based on automatic source-level or (where feasible) binary-level transformations. We present experimental results on several large pieces of software.

Indexing (document details)
School: State University of New York at Stony Brook
School Location: United States -- New York
Source: DAI-B 69/11, Dissertation Abstracts International
Subjects: Computer science
Keywords: Buffer overflows, Memory errors, Randomization, Software diversity
Publication Number: 3337612
ISBN: 9780549914082
Copyright © 2019 ProQuest LLC. All rights reserved. Terms and Conditions Privacy Policy Cookie Policy