Protection against Buffer Overflow Attacks through Runtime Memory Layout Randomization

To date, a number of comprehensive techniques have been proposed to defend against buffer overflow attacks. In spite of continuing research in this area, security vulnerabilities in software continue to be discovered and exploited. This is because the existing protection techniques suffer from one or more of the following problems: high run-time overheads (often exceeding 100%), incompatibility with legacy C and C++ code, insufficiently fine-grained randomization of memory layout, and the inability to perform randomization at run time rather than at compile time, link time or load time. While security through diversity is a promising technique to defend against large-scale cyber attacks, existing techniques are susceptible to information leakage and brute-force attacks, in addition to the shortcomings indicated above. To overcome these drawbacks, in this paper we propose the Function Frame Run time Randomization (FFRR) technique. FFRR offers memory layout randomization at run time and performs randomization at the level of individual variables on the stack.
