论文信息 - Dynamic code instrumentation to detect and recover from return address corruption

Dynamic code instrumentation to detect and recover from return address corruption

Return address corruption on the stack using buffer overflow attacks is one of the most common ways in which the security of a system can be compromised. This paper provides a way of detecting return address corruption on the stack using dynamic code instrumentation. The detection is done at run-time and it does not depend on the availability of source code of the vulnerable application. The approach we are presenting is not limited only to buffer overflows, rather it can handle any kind of return address corruption. Furthermore, cases in which recovery from stack corruption is possible and the mechanisms for recovery in such cases have also been discussed.

[1] Vijay Janapa Reddi,et al. PIN: a binary instrumentation tool for computer architecture research and education , 2004, WCAE '04.

[2] Navjot Singh,et al. Transparent Run-Time Defense Against Stack-Smashing Attacks , 2000, USENIX Annual Technical Conference, General Track.

[3] Derek Bruening,et al. Secure Execution via Program Shepherding , 2002, USENIX Security Symposium.

[4] Tzi-cker Chiueh,et al. A Binary Rewriting Defense Against Stack based Buffer Overflow Attacks , 2003, USENIX Annual Technical Conference, General Track.

[5] A. One,et al. Smashing The Stack For Fun And Profit , 1996 .

[6] Crispan Cowan,et al. StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks , 1998, USENIX Security Symposium.

[7] Jack W. Davidson,et al. Strata: A Software Dynamic Translation Infrastructure , 2001 .

[8] Galen C. Hunt,et al. Detours: binary interception of Win32 functions , 1999 .