Secure Systems Lab

Research on Randomization and Memory Error Detection

In spite of the attention received by buffer overflows from software vendors and security researchers, they remain as one of the most commonly reported software vulnerabilities today. Worse, they account for an overwhelming majority of "critical vulnerabilities" being reported today.

Early research targeted specific exploit types such as stack-smashing, but attackers soon discovered alternative ways to exploit memory errors. Thus, our focus is on developing defenses that counter a wide range of memory errors. In this context, we developed the address-space randomization (ASR) technique [11], which we subsequently extended to Windows [4]. This technique provided protection against most memory corruption attacks, as they rely on information about the absolute address of most memory objects. However, there is a class of data attacks that rely on relative distances between objects, and these attacks are likely to become significant as ASR begins to be widely deployed. To counter this threat, we developed the relative-address randomization technique [7].

Recently, we developed an orthogonal approach to randomization called Data-Space Randomization (DSR) [3] that overcomes one of the main drawbacks of ASR, namely low entropy. Unlike ASR, which in effect protects only pointer-valued data, DSR uses randomization to protect all types of data, thus providing a systematic defense not only against control-flow hijack attacks but against all data attacks as well. In addition, DSR is more resilient to so-called information-leakage attacks.
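To make the DSR idea concrete, the following is a small C model written for this page; it is not the lab's DSR implementation. The two-object "address space", the per-object XOR masks, and the functions `observed_after_overflow` and `overflow_value_survives` are constructed for illustration. Stores mask a value before it reaches memory and loads unmask it with the mask of the object being read, so bytes that spill into a neighbouring object through an unchecked copy are read back XORed with a mask the writer of those bytes did not know.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy model of data-space randomization (DSR): a flat
 * "address space" holding two adjacent 4-byte objects, each with its own
 * XOR mask. Illustrative model written for this page, not the lab's code. */

#define OBJ_SIZE 4
#define NUM_OBJS 2

typedef struct {
    uint8_t  mem[OBJ_SIZE * NUM_OBJS];  /* raw bytes of the toy address space */
    uint32_t mask[NUM_OBJS];            /* per-object masks (assumption: one mask per object) */
} space_t;

static void space_init(space_t *s, uint32_t mask0, uint32_t mask1) {
    memset(s->mem, 0, sizeof s->mem);
    s->mask[0] = mask0;
    s->mask[1] = mask1;
}

/* DSR-instrumented store: apply the object's mask before the value reaches memory. */
static void dsr_store(space_t *s, int obj, uint32_t value) {
    uint32_t masked = value ^ s->mask[obj];
    memcpy(s->mem + obj * OBJ_SIZE, &masked, OBJ_SIZE);
}

/* DSR-instrumented load: remove the mask of the object being read. */
static uint32_t dsr_load(const space_t *s, int obj) {
    uint32_t masked;
    memcpy(&masked, s->mem + obj * OBJ_SIZE, OBJ_SIZE);
    return masked ^ s->mask[obj];
}

/* Model of a buggy copy into object 0 with no length check: surplus raw
 * bytes spill into object 1. The copy is clamped to the toy space so the
 * model itself stays well-defined. */
static void unchecked_copy_into_obj0(space_t *s, const uint8_t *src, size_t n) {
    if (n > sizeof s->mem) n = sizeof s->mem;
    memcpy(s->mem, src, n);
}

/* Scenario: object 1 holds a legitimate value, then an over-long copy into
 * object 0 overwrites object 1's bytes with `spilled`. Returns the value the
 * program observes when it next reads object 1 through its own load. */
uint32_t observed_after_overflow(uint32_t mask0, uint32_t mask1, uint32_t spilled) {
    space_t s;
    uint8_t payload[OBJ_SIZE * NUM_OBJS];
    space_init(&s, mask0, mask1);
    dsr_store(&s, 0, 0);
    dsr_store(&s, 1, 0x00001234);                    /* legitimate value in object 1 */
    memset(payload, 'A', OBJ_SIZE);                   /* bytes that fill object 0 */
    memcpy(payload + OBJ_SIZE, &spilled, OBJ_SIZE);   /* bytes that land in object 1 */
    unchecked_copy_into_obj0(&s, payload, sizeof payload);
    return dsr_load(&s, 1);
}

/* Returns 1 if the spilled bytes are read back unchanged (no protection),
 * 0 if the program sees them transformed by object 1's mask. */
int overflow_value_survives(uint32_t mask1, uint32_t spilled) {
    return observed_after_overflow(0, mask1, spilled) == spilled;
}

int main(void) {
    printf("unrandomized:        %s\n",
           overflow_value_survives(0, 0x41414141u) ? "spilled value survives" : "spilled value changed");
    printf("DSR mask 0x5a5a5a5a: %s\n",
           overflow_value_survives(0x5a5a5a5au, 0x41414141u) ? "spilled value survives" : "spilled value changed");
    return 0;
}
```

The model also shows why DSR's entropy does not depend on address-space layout: the mask is per object, so the amount of randomness is bounded by the mask width rather than by how far objects can be shifted, and an attack that relies only on relative distances between objects still has to predict the victim object's mask.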

There are plenty of reasons to focus on memory errors, as they lead not only to exploits but also to a majority of the software faults experienced in the field. To counter this broader problem, techniques are needed to detect all memory errors, as opposed to just the small subset that is exploited in attacks. In this context, we developed an efficient technique that is backwards compatible with existing software while providing significantly better performance than previous techniques in its class [9]. Our ongoing research explores alternative techniques that represent different trade-offs between runtime performance, backwards compatibility, and the range of errors detected.
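As an added illustration of runtime memory-error detection (not the transformation from [9], which keeps the ordinary pointer representation for backwards compatibility), the following C code written for this page uses the classic fat-pointer scheme: each pointer carries the bounds of its referent, and every dereference is checked against them. The `checked_ptr_t` type, the `mem_status_t` codes, and the helpers `checked_strcpy`, `try_copy` and `try_read` are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed fat-pointer illustration of memory-error detection.
 * Written for this page; it is not the lab's transformation. */

typedef enum {
    MEM_OK = 0,
    MEM_OUT_OF_BOUNDS,   /* access outside [base, base + size) */
    MEM_UNBOUND          /* pointer never bound to an object */
} mem_status_t;

typedef struct {
    uint8_t *base;    /* start of the referent object */
    size_t   size;    /* size of the referent in bytes */
    size_t   offset;  /* current position relative to base */
} checked_ptr_t;

static checked_ptr_t cp_from_array(uint8_t *arr, size_t size) {
    checked_ptr_t p = { arr, size, 0 };
    return p;
}

/* Arithmetic may produce an out-of-bounds pointer (C programs routinely
 * compute one-past-the-end values); the check happens at dereference. */
static checked_ptr_t cp_add(checked_ptr_t p, size_t n) {
    p.offset += n;
    return p;
}

/* Bounds check performed before every access of `nbytes` at the pointer. */
static mem_status_t cp_check(const checked_ptr_t *p, size_t nbytes) {
    if (p->base == NULL) return MEM_UNBOUND;
    if (p->offset > p->size || nbytes > p->size - p->offset) return MEM_OUT_OF_BOUNDS;
    return MEM_OK;
}

mem_status_t cp_write_byte(checked_ptr_t p, uint8_t v) {
    mem_status_t st = cp_check(&p, 1);
    if (st == MEM_OK) p.base[p.offset] = v;
    return st;
}

mem_status_t cp_read_byte(checked_ptr_t p, uint8_t *out) {
    mem_status_t st = cp_check(&p, 1);
    if (st == MEM_OK) *out = p.base[p.offset];
    return st;
}

/* strcpy-like copy that reports the first out-of-bounds byte instead of
 * writing it. Returns MEM_OK only if the whole string, NUL included, fits. */
mem_status_t checked_strcpy(checked_ptr_t dst, const char *src) {
    size_t i = 0;
    for (;;) {
        mem_status_t st = cp_write_byte(cp_add(dst, i), (uint8_t)src[i]);
        if (st != MEM_OK) return st;
        if (src[i] == '\0') return MEM_OK;
        i++;
    }
}

/* Experiment helper: copy `src` into a fresh buffer of `bufsize` bytes (max 64). */
mem_status_t try_copy(const char *src, size_t bufsize) {
    uint8_t buf[64];
    if (bufsize > sizeof buf) bufsize = sizeof buf;
    return checked_strcpy(cp_from_array(buf, bufsize), src);
}

/* Experiment helper: read one byte at `index` of a fresh `bufsize`-byte buffer. */
mem_status_t try_read(size_t bufsize, size_t index) {
    uint8_t buf[64] = {0};
    uint8_t v;
    if (bufsize > sizeof buf) bufsize = sizeof buf;
    return cp_read_byte(cp_add(cp_from_array(buf, bufsize), index), &v);
}

int main(void) {
    printf("7 chars into 8-byte buffer: status %d\n", try_copy("1234567", 8));   /* 0 = MEM_OK */
    printf("8 chars into 8-byte buffer: status %d\n", try_copy("12345678", 8));  /* 1 = MEM_OUT_OF_BOUNDS */
    printf("read index 8 of 8-byte buffer: status %d\n", try_read(8, 8));        /* 1 = MEM_OUT_OF_BOUNDS */
    return 0;
}
```

The trade-offs the paragraph names are visible here: the scheme detects every out-of-bounds read and write on instrumented pointers, but it changes pointer size and layout, so uninstrumented libraries cannot consume a `checked_ptr_t` directly and every dereference pays for a comparison. Keeping bounds metadata separate from the pointer is what buys backwards compatibility at the cost of a metadata lookup.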

Related Publications

[1]  Online Signature Generation for Windows Systems
Lixin Li, Jim Just and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2009.
[2]  Practical Techniques for Regeneration and Immunization of COTS Applications
Lixin Li, Mark R. Cornwell, E. Hultman, Jim Just and R. Sekar
Workshop on Recent Advances on Intrusion-Tolerant Systems (WRAITS) June, 2009.
[3]  Data Space Randomization
Sandeep Bhatkar and R. Sekar
Detection of Intrusions, Malware and Vulnerability Analysis (DIMVA) July, 2008.
[4]  Address-Space Randomization for Windows Systems
Lixin Li, Jim Just and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2006.
[5]  Automatic Generation of Buffer Overflow Attack Signatures: An Approach Based on Program Behavior Models
Zhenkai Liang and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2005. (Supersedes Technical Report SECLAB-05-01, An Immune System Inspired Approach for Protection from Repetitive Attacks, March 2005.)
[6]  Fast and Automated Generation of Attack Signatures: A Basis for Building Self-Protecting Servers
Zhenkai Liang and R. Sekar
ACM Conference on Computer and Communications Security (CCS) November, 2005. (Supersedes Technical Report SECLAB-05-02, Automated, Sub-second Attack Signature Generation: A Basis for Building Self-Protecting Servers, May 2005.)
[7]  Efficient Techniques for Comprehensive Protection from Memory Error Exploits
Sandeep Bhatkar, R. Sekar and Daniel DuVarney
USENIX Security Symposium (USENIX Security) August, 2005.
[8]  Automatic Synthesis of Filters to Discard Buffer Overflow Attacks: A Step Towards Realizing Self-Healing Systems (Short Paper)
Zhenkai Liang, R. Sekar and Daniel DuVarney
USENIX Annual Technical Conference (USENIX) April, 2005.
[9]  An Efficient and Backwards-Compatible Transformation to Ensure Memory Safety of C Programs
Wei Xu, Daniel DuVarney and R. Sekar
ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE) November, 2004.
[10]  SELF: a Transparent Security Extension for ELF Binaries
Daniel DuVarney, V.N. Venkatakrishnan and Sandeep Bhatkar
New Security Paradigms Workshop (NSPW) August, 2003.
[11]  Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits
Sandeep Bhatkar, Daniel DuVarney and R. Sekar
USENIX Security Symposium (USENIX Security) August, 2003.

Copyright © 1999-2009 Secure Systems Laboratory, Stony Brook University. All rights reserved.