The vast majority of today's security vulnerabilities, accounting for as much as 88% of US-CERT advisories in the past few years, are caused by memory errors such as buffer overflows, heap overflows, integer overflows, and format-string bugs. Previous research has developed techniques for preventing known attack classes that exploit these vulnerabilities; however, attackers quickly developed alternative exploits to circumvent these protections. In contrast, comprehensive memory error detection techniques can help track down memory-related bugs and provide full runtime protection against known and future buffer overflow exploits, but they typically introduce very high overheads, slowing programs down by a factor of 2 or more, or require significant modifications to existing code, which is too expensive in practice. We instead develop low-overhead techniques that provide probabilistic protection against all memory error exploits while preserving full code compatibility. Our techniques are based on automated software diversity. In this dissertation, we undertake a systematic study of automated transformations that can defeat memory error exploits, and develop (a) address space randomization, which disrupts exploits by making it difficult to predict which object will be overwritten as a result of a memory corruption attack, and (b) data space randomization, which randomizes the interpretation of overwritten data. These randomization techniques make the effect of memory error exploits non-deterministic, with only a very small chance of success. An attacker is therefore forced to make several attack attempts, and each failed attempt typically crashes the victim program, making the attack easy to detect. Our implementations are based on automatic source-level or (where feasible) binary-level transformations. We present experimental results on several large pieces of software.
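To make the data space randomization idea concrete, the following is an added illustration (not code from the dissertation or its implementation). It assumes a constructed stack-like layout in which an 8-byte buffer is followed by a 4-byte privilege flag, and a constructed 12-byte attacker payload that overruns the buffer to set the flag to 1. In the unprotected version the overwritten flag takes exactly the attacker's value; in the DSR version the flag is stored XORed with a per-variable mask (passed in as a parameter here, whereas a real implementation would pick it at load time), so the same overwrite yields an attacker-uncontrolled value unless the mask is guessed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: a fixed-size buffer directly followed by a flag
 * the attacker wants to flip, as in a classic overflow target. */
struct frame {
    char buf[8];
    uint32_t is_admin;   /* attacker's goal: make this read as 1 */
};

/* Builds the constructed 12-byte payload: 8 filler bytes followed by the
 * native encoding of the 32-bit value 1, so the overflow sets is_admin = 1. */
static void build_payload(unsigned char out[sizeof(struct frame)]) {
    uint32_t one = 1;
    memset(out, 'A', 8);
    memcpy(out + 8, &one, sizeof one);
}

/* Unprotected: a copy with no bounds check writes past buf into is_admin.
 * The write stays inside the struct object, so the overflow is deterministic. */
uint32_t plain_overflow(void) {
    struct frame f;
    unsigned char payload[sizeof f];
    build_payload(payload);
    f.is_admin = 0;
    memcpy(&f, payload, sizeof payload);   /* oversized copy overruns buf */
    return f.is_admin;                     /* attacker-chosen value: 1 */
}

/* Data space randomized: is_admin is stored XORed with a mask, and every
 * legitimate read and write of the variable goes through that mask. The
 * overflow still lands on the same bytes, but the program interprets them
 * as (attacker_value ^ mask), which is 1 only if the attacker knows the mask. */
uint32_t dsr_overflow(uint32_t mask) {
    struct frame f;
    unsigned char payload[sizeof f];
    build_payload(payload);
    f.is_admin = 0u ^ mask;                /* masked store of the real value 0 */
    memcpy(&f, payload, sizeof payload);   /* same overflow as above */
    return f.is_admin ^ mask;              /* masked load: 1 ^ mask */
}

/* True only when the overflow produces the value the attacker wanted. */
int dsr_attack_succeeds(uint32_t mask) {
    return dsr_overflow(mask) == 1u;
}

int main(void) {
    uint32_t mask = 0x5A3C9E71u;           /* assumed per-variable mask */
    printf("unprotected is_admin after overflow: %u\n", (unsigned)plain_overflow());
    printf("DSR is_admin after overflow:         0x%08x (attack %s)\n",
           (unsigned)dsr_overflow(mask),
           dsr_attack_succeeds(mask) ? "succeeded" : "failed");
    return 0;
}
```

With a 32-bit mask drawn uniformly at random the attacker's fixed payload succeeds for exactly one mask value, so a single attempt works with probability 2^-32; a failed attempt leaves `is_admin` holding a value the program never intended, which in real code typically manifests as a crash rather than silent escalation.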
School: State University of New York at Stony Brook
School Location: United States -- New York
Source: DAI-B 69/11, Dissertation Abstracts International
Keywords: Buffer overflows, Memory errors, Randomization, Software diversity
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved