Research on Randomization and Memory Error Detection
In spite of the attention buffer overflows have received from software vendors and security researchers, they remain one of the most commonly reported software vulnerabilities. Worse, they account for an overwhelming majority of the "critical vulnerabilities" reported today.
Early research targeted specific exploit types such as stack-smashing, but attackers soon discovered alternative ways to exploit memory errors. Our focus is therefore on defenses that cover a wide range of memory errors. In this context, we developed the address-space randomization (ASR) technique [27], which we subsequently extended to Windows [20]. ASR protects against most memory corruption attacks because they rely on knowing the absolute addresses of memory objects (a return address, a function pointer, a buffer holding injected code). However, there is a class of data attacks that relies only on the relative distances between objects, for example an overflow that overwrites a variable adjacent to the buffer, and these attacks are likely to become significant as ASR is widely deployed. To counter this threat, we developed the relative-address randomization technique [23].
Recently, we developed an orthogonal randomization approach called Data-Space Randomization (DSR) [18] that overcomes one of the main drawbacks of ASR, namely low entropy. Whereas ASR in effect protects only pointer-valued data, DSR randomizes the representation of all data in memory (values are stored XORed with masks chosen at program start), thus providing a systematic defense not only against control-flow hijack attacks but against data attacks as well. In addition, DSR is more resilient to information-leakage attacks: leaking the mask of one object does not reveal the masks of unrelated objects, whereas leaking a single pointer under ASR reveals the base of an entire region.
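The following is an added example, not code from this lab or from the cited papers, showing why a relative-distance data attack bypasses ASR and how a DSR-style XOR mask defeats it. It assumes a constructed struct (an 8-byte name buffer followed by an authorization flag), an unchecked copy of a constructed over-long input that overwrites the flag, and a single mask passed explicitly; the real DSR transformation instead assigns masks per points-to equivalence class at program start and rewrites every load and store, which the example does not reproduce.

```c
/* Added example (not code from the lab or the cited papers): a data-only
 * attack on a non-pointer field, first in the clear and then under a
 * DSR-style XOR mask. Layout, mask handling and payload are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: a fixed-size name buffer followed by an authorization
 * flag. The attacker needs only the flag's offset *relative* to the buffer,
 * so randomizing the struct's absolute address (ASR) does not stop the attack. */
struct session {
    char     name[8];
    uint32_t authorized;
};

/* DSR-style accessors: the flag is never stored in the clear. In the real
 * transformation the mask is drawn at program start, one per points-to
 * equivalence class found by static analysis; here it is passed explicitly. */
static void dsr_store(uint32_t *slot, uint32_t value, uint32_t mask)
{
    *slot = value ^ mask;
}

static uint32_t dsr_load(const uint32_t *slot, uint32_t mask)
{
    return *slot ^ mask;
}

/* Vulnerable copy: the length is never compared with sizeof name. The struct
 * is written as raw bytes so the overflow stays inside the object (defined
 * behaviour for the demo; the logic bug is the same as an unchecked strcpy). */
static void unchecked_copy(struct session *dst, const unsigned char *src, size_t n)
{
    if (n > sizeof *dst) n = sizeof *dst;
    memcpy(dst, src, n);
}

/* Constructed attacker payload: fill the name buffer, then write `want` in
 * the machine's native byte order where the flag lives. Returns payload size,
 * or 0 if the output buffer is too small. */
size_t build_payload(unsigned char *out, size_t cap, uint32_t want)
{
    size_t len = offsetof(struct session, authorized) + sizeof want;
    if (cap < len) return 0;
    memset(out, 'A', offsetof(struct session, authorized));
    memcpy(out + offsetof(struct session, authorized), &want, sizeof want);
    return len;
}

/* Plain representation: returns 1 if the overflow leaves the attacker authorized. */
int plain_attack_succeeds(const unsigned char *payload, size_t n)
{
    struct session s = {{0}, 0};
    unchecked_copy(&s, payload, n);
    return s.authorized == 1;
}

/* Masked representation: the same bytes land in memory, but the program
 * reads the flag through dsr_load, so they decode to (raw ^ mask). */
int dsr_attack_succeeds(const unsigned char *payload, size_t n, uint32_t mask)
{
    struct session s = {{0}, 0};
    dsr_store(&s.authorized, 0, mask);
    unchecked_copy(&s, payload, n);
    return dsr_load(&s.authorized, mask) == 1;
}

/* The legitimate code path is unaffected: store 1 through the mask, read 1 back. */
int dsr_legit_grant(uint32_t mask)
{
    struct session s = {{0}, 0};
    dsr_store(&s.authorized, 1, mask);
    return dsr_load(&s.authorized, mask) == 1;
}

int main(void)
{
    uint32_t mask = 0x5A3C7E91u;             /* fallback if /dev/urandom is absent */
    FILE *f = fopen("/dev/urandom", "rb");
    if (f) {
        if (fread(&mask, sizeof mask, 1, f) != 1) mask = 0x5A3C7E91u;
        fclose(f);
    }
    unsigned char payload[sizeof(struct session)];
    size_t n = build_payload(payload, sizeof payload, 1);

    printf("plain: attacker authorized = %d\n", plain_attack_succeeds(payload, n));
    printf("DSR:   attacker authorized = %d (flag decodes to 0x%08x)\n",
           dsr_attack_succeeds(payload, n, mask), 1u ^ mask);
    printf("DSR:   legitimate grant ok = %d\n", dsr_legit_grant(mask));

    /* Caveat: if the mask leaks, the attacker pre-masks the value and wins. */
    n = build_payload(payload, sizeof payload, 1u ^ mask);
    printf("DSR with leaked mask: attacker authorized = %d\n",
           dsr_attack_succeeds(payload, n, mask));
    return 0;
}
```

The last step in main is the caveat a practitioner should keep in mind: DSR removes the attacker's ability to choose the value that a corrupted variable takes, not the memory error itself, so a separate information leak that discloses the mask of the targeted equivalence class restores the attack. Masks are shared within an equivalence class because a pointer that may alias two objects must decode both with the same key, which is why the real system needs points-to analysis and why its entropy is per class rather than per program.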
Memory errors deserve attention beyond their use in exploits: they also account for a majority of the software faults experienced in the field. To counter this broader problem, techniques are needed that detect all memory errors, not just the small subset exploited in attacks. In this context, we developed an efficient technique that is backwards compatible with existing software while providing significantly better performance than previous techniques in its class [25]. Our ongoing research explores alternative techniques that represent different trade-offs between runtime performance, backwards compatibility, and the range of errors detected.
Related Publications
- [1] Accurate Disassembly of Complex Binaries Without Use of Compiler Metadata. ACM Architectural Support for Programming Languages and Operating Systems (ASPLOS), February 2024.
- [2] SAFER: Efficient and Error-Tolerant Binary Instrumentation. USENIX Security Symposium (USENIX Security), August 2023.
- [3] Practical Fine-Grained Binary Code Randomization. Annual Computer Security Applications Conference (ACSAC), December 2020. (Talk on YouTube.)
- [4] On the Impact of Exception Handling Compatibility on Binary Instrumentation. Workshop on Forming an Ecosystem Around Software Transformation (FEAST), November 2020.
- [5] Code-Pointer Integrity. In The Continuing Arms Race: Code-Reuse Attacks and Defenses (Morgan & Claypool and ACM Press), January 2018.
- [6] Protecting COTS Binaries from Disclosure-guided Code Reuse Attacks. Annual Computer Security Applications Conference (ACSAC), December 2017.
- [7] Code-Pointer Integrity. USENIX Symposium on Operating Systems Design and Implementation (OSDI), October 2014.
- [8] Eternal War in Memory. IEEE Security & Privacy Magazine, May 2014.
- [9] A Platform for Secure Static Binary Instrumentation. Virtual Execution Environments (VEE), March 2014.
- [10] Control Flow Integrity for COTS Binaries. USENIX Security Symposium (USENIX Security), August 2013. (Best paper award.)
- [11] SoK: Eternal War in Memory. IEEE Symposium on Security and Privacy (IEEE S&P), May 2013.
- [12] Protecting Function Pointers in Binary. ACM Symposium on Information, Computer and Communications Security (ASIACCS), May 2013.
- [13] Practical Control Flow Integrity and Randomization for Binary Executables. IEEE Symposium on Security and Privacy (IEEE S&P), May 2013.
- [14] Light-weight Bounds Checking. ACM/IEEE International Symposium on Code Generation and Optimization (CGO), April 2012.
- [15] PAriCheck: An Efficient Pointer Arithmetic Checker for C Programs. ACM Symposium on Information, Computer and Communications Security (ASIACCS), March 2010.
- [16] Online Signature Generation for Windows Systems. Annual Computer Security Applications Conference (ACSAC), December 2009.
- [17] Practical Techniques for Regeneration and Immunization of COTS Applications. Workshop on Recent Advances on Intrusion-Tolerant Systems (WRAITS), June 2009.
- [18] Data Space Randomization. Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), July 2008.
- [19] Comprehensive Memory Error Protection via Diversity and Taint-Tracking. PhD Dissertation, Stony Brook University, February 2008.
- [20] Address-Space Randomization for Windows Systems. Annual Computer Security Applications Conference (ACSAC), December 2006.
- [21] Automatic Generation of Buffer Overflow Attack Signatures: An Approach Based on Program Behavior Models. Annual Computer Security Applications Conference (ACSAC), December 2005. (Supersedes Technical Report SECLAB-05-01, "An Immune System Inspired Approach for Protection from Repetitive Attacks", March 2005.)
- [22] Fast and Automated Generation of Attack Signatures: A Basis for Building Self-Protecting Servers. ACM Conference on Computer and Communications Security (CCS), November 2005. (Supersedes Technical Report SECLAB-05-02, "Automated, Sub-second Attack Signature Generation: A Basis for Building Self-Protecting Servers", May 2005.)
- [23] Efficient Techniques for Comprehensive Protection from Memory Error Exploits. USENIX Security Symposium (USENIX Security), August 2005.
- [24] Automatic Synthesis of Filters to Discard Buffer Overflow Attacks: A Step Towards Realizing Self-Healing Systems (Short Paper). USENIX Annual Technical Conference (USENIX ATC), April 2005.
- [25] An Efficient and Backwards-Compatible Transformation to Ensure Memory Safety of C Programs. ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE), November 2004.
- [26] SELF: A Transparent Security Extension for ELF Binaries. New Security Paradigms Workshop (NSPW), August 2003.
- [27] Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits. USENIX Security Symposium (USENIX Security), August 2003.