Preventing overflow attacks by memory randomization

Vivek Iyer, Amit Kanitkar, Partha Dasgupta, Raghunathan Srinivasan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

7 Scopus citations

Abstract

Buffer overflow is known to be a common memory vulnerability affecting software. It is exploited to gain various kinds of privilege escalation. C and C++ are very commonly used to develop applications; due to their efficient "unmanaged" execution, these languages are not safe. These attacks are highly successful because every executing copy of a shipped binary is the same. This work presents two approaches to randomizing the memory layout that do not require modifications at the developer end. Both techniques are implemented at the user-end machines and have no requirement for source code. The feasibility of the two techniques is shown by randomizing complex applications and demonstrating that the run-time penalty for the randomization schemes is very low.

Original language: English (US)
Title of host publication: Proceedings - 2010 IEEE 21st International Symposium on Software Reliability Engineering, ISSRE 2010
Pages: 339-347
Number of pages: 9
DOI: https://doi.org/10.1109/ISSRE.2010.22
State: Published - Dec 1 2010
Event: 2010 IEEE 21st International Symposium on Software Reliability Engineering, ISSRE 2010 - San Jose, CA, United States
Duration: Nov 1 2010 to Nov 4 2010

Publication series

Name: Proceedings - International Symposium on Software Reliability Engineering, ISSRE
ISSN (Print): 1071-9458

Other

Other: 2010 IEEE 21st International Symposium on Software Reliability Engineering, ISSRE 2010
Country: United States
City: San Jose, CA
Period: 11/1/10 to 11/4/10

Keywords

  • Buffer overflow
  • Heap randomization
  • Software diversity
  • Stack randomization

ASJC Scopus subject areas

  • Software
  • Safety, Risk, Reliability and Quality

Cite this

Iyer, V., Kanitkar, A., Dasgupta, P., & Srinivasan, R. (2010). Preventing overflow attacks by memory randomization. In Proceedings - 2010 IEEE 21st International Symposium on Software Reliability Engineering, ISSRE 2010 (pp. 339-347). [5635066] (Proceedings - International Symposium on Software Reliability Engineering, ISSRE). https://doi.org/10.1109/ISSRE.2010.22