Protection against Buffer Overflow Attacks through Runtime Memory Layout Randomization
To date a number of comprehensive techniques have been proposed to defend against buffer over attacks. In spite of continuing research in this area, security vulnerabilities in software continue to be discovered and exploited. This is because the existing protection techniques suffer from one or mor...
Uloženo v:
| Vydáno v: | 2014 International Conference on Information Technology s. 184 - 189 |
|---|---|
| Hlavní autoři: | , |
| Médium: | Konferenční příspěvek |
| Jazyk: | angličtina |
| Vydáno: |
IEEE
01.12.2014
|
| Témata: | |
| On-line přístup: | Získat plný text |
| Tagy: |
Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
|
| Abstract | To date a number of comprehensive techniques have been proposed to defend against buffer over attacks. In spite of continuing research in this area, security vulnerabilities in software continue to be discovered and exploited. This is because the existing protection techniques suffer from one or more of the following problems: high run time overheads (often exceeding 100%), incompatibility with legacy C and C++ code, not sufficiently fine grained randomization of memory layout and the inability to perform randomization at run time rather than compile time or link time or load time. While security through diversity is a promising technique to defend against large scale cyber attacks, existing techniques are susceptible to information leakage and brute-force attacks, in addition to the short comings indicated above. To overcome the above indicated drawbacks, in this paper we propose Function Frame Run time Randomization (FFRR) technique. FFRR offers memory layout randomization at run time and performs randomization at the level of individual variables on the stack. |
|---|---|
| AbstractList | To date a number of comprehensive techniques have been proposed to defend against buffer over attacks. In spite of continuing research in this area, security vulnerabilities in software continue to be discovered and exploited. This is because the existing protection techniques suffer from one or more of the following problems: high run time overheads (often exceeding 100%), incompatibility with legacy C and C++ code, not sufficiently fine grained randomization of memory layout and the inability to perform randomization at run time rather than compile time or link time or load time. While security through diversity is a promising technique to defend against large scale cyber attacks, existing techniques are susceptible to information leakage and brute-force attacks, in addition to the short comings indicated above. To overcome the above indicated drawbacks, in this paper we propose Function Frame Run time Randomization (FFRR) technique. FFRR offers memory layout randomization at run time and performs randomization at the level of individual variables on the stack. |
| Author | Kisore, N. Raghu Kumar, K. Shiva |
| Author_xml | – sequence: 1 givenname: K. Shiva surname: Kumar fullname: Kumar, K. Shiva email: kshivakumar@idrbt.ac.in organization: Sch. of Comput. & Inf. Sci., Univ. of Hyderabad, Hyderabad, India – sequence: 2 givenname: N. Raghu surname: Kisore fullname: Kisore, N. Raghu email: nraghukisore@idrbt.ac.in organization: Inst. for Dev. & Res. in Banking Technol., Hyderabad, India |
| BookMark | eNotzLtOwzAUAFAjwUALGxuLfyDBrzjOWCIekYKKqsJaOc51a9HYyHFA4esBwXS2s0CnPnhA6IqSnFJS3TR1s80ZoSIvyhO0oKKsKkUUV-fo9TmGBCa54LHea-fHhG8nayHi9QdEewyfeJWSNm8jTocYpv0Bbyaf3AD4CYYQZ9zqOUwJb7Tvw-C-9O91gc6sPo5w-e8SvdzfbevHrF0_NPWqzRwTRcoM6ZlVTBrNjaG95VpVTAHvbccqorrOcml7JjopqBFESlkYYQCY_UHwgi_R9d_rAGD3Ht2g47wrCeecVvwbhAZOmg |
| CODEN | IEEPAD |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/ICIT.2014.57 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Xplore POP ALL IEEE Xplore All Conference Proceedings IEEE/IET Electronic Library IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE/IET Electronic Library url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| EISBN | 1479980838 9781479980833 9781479980840 1479980846 |
| EndPage | 189 |
| ExternalDocumentID | 7033319 |
| Genre | orig-research |
| GroupedDBID | 6IE 6IL CBEJK RIE RIL |
| ID | FETCH-LOGICAL-i245t-c0d2f826ca3cc1df3a8928e3dfb2908bbf36fd24b641c406665c4cee2fc4c4353 |
| IEDL.DBID | RIE |
| ISICitedReferencesCount | 1 |
| ISICitedReferencesURI | http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000380457800033&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| IngestDate | Thu Jun 29 18:37:52 EDT 2023 |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i245t-c0d2f826ca3cc1df3a8928e3dfb2908bbf36fd24b641c406665c4cee2fc4c4353 |
| PageCount | 6 |
| ParticipantIDs | ieee_primary_7033319 |
| PublicationCentury | 2000 |
| PublicationDate | 2014-Dec. |
| PublicationDateYYYYMMDD | 2014-12-01 |
| PublicationDate_xml | – month: 12 year: 2014 text: 2014-Dec. |
| PublicationDecade | 2010 |
| PublicationTitle | 2014 International Conference on Information Technology |
| PublicationTitleAbbrev | ICOIT |
| PublicationYear | 2014 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| Score | 1.5609431 |
| Snippet | To date a number of comprehensive techniques have been proposed to defend against buffer over attacks. In spite of continuing research in this area, security... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 184 |
| SubjectTerms | Generators Hardware Internet large scale cyber-attack Layout Libraries memory randomization program stack Security Software |
| Title | Protection against Buffer Overflow Attacks through Runtime Memory Layout Randomization |
| URI | https://ieeexplore.ieee.org/document/7033319 |
| WOSCitedRecordID | wos000380457800033&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1LSwMxEA61ePCk0opvcvBo2n1kd5OjFosFraVU6a3kMZGC7kqbVfrvTXaXiuDFU0IuCZMJk0m-bz6ErhRQCEViCHDJCZWhJgKYJJmRUqokEiytxSay8ZjN53zSQtdbLgwAVOAz6Plu9ZevC1X6p7K-88449jU-d7IsrblaWyw7748Go5nHatFe8lsrpQoVw_3_TXKAuj-cOzzZRpND1IK8g14mdRkFZzwsXl0Sv7b4tvSSJvjJ-aB5K77wjbWeJ48bxR089eIP74AfPYZ2gx_EpigtnopcF-8N6bKLnod3s8E9aZQQyDKiiSUq0JFxiYASsVKhNrFgPGIQayMjHjApTZwaHVGZ0lBRn5IkiroFR8Y17kIUH6F2XuRwjLAIUxAh6NQdPgrK8ECKJJBgWGB88a4T1PE2WXzUxS4WjTlO_x4-Q3ve4jW-4xy17aqEC7SrPu1yvbqsdugbg7SYhw |
| linkProvider | IEEE |
| linkToHtml | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1LSwMxEA5FBT2ptOLbHDyadh_JdveoxdJiW0up0lvJYyIFuyttVum_N9ldKoIXTwm5JEwmTCb5vvkQupVAwedME0hEQqjwFeEQC9LWQgjJAh5HpdhEezSKZ7NkXEN3Wy4MABTgM2i6bvGXrzKZu6eylvXOMHQ1PnedchYr2VpbNHvS6nf6U4fWok32Wy2lCBbdw_9Nc4QaP6w7PN7Gk2NUg7SOXsdlIQVrPszfbBq_Nvghd6Im-Nl6oX7PvvC9MY4pjyvNHTxx8g9LwEOHot3gAd9kucETnqpsWdEuG-il-zjt9EilhUAWAWWGSE8F2qYCkodS-kqHPE6CGEKlRZB4sRA6jLQKqIioL6lLSpikdsGBto29EoUnaCfNUjhFmPsRcB9UZI8fBakTT3DmCdCxp135rjNUdzaZf5TlLuaVOc7_Hr5B-73pcDAf9EdPF-jAWb9Ee1yiHbPK4QrtyU-zWK-ui936BqW1m9I |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=2014+International+Conference+on+Information+Technology&rft.atitle=Protection+against+Buffer+Overflow+Attacks+through+Runtime+Memory+Layout+Randomization&rft.au=Kumar%2C+K.+Shiva&rft.au=Kisore%2C+N.+Raghu&rft.date=2014-12-01&rft.pub=IEEE&rft.spage=184&rft.epage=189&rft_id=info:doi/10.1109%2FICIT.2014.57&rft.externalDocID=7033319 |