Carlo Bellettini, Julian L. Rrushi
Citation
Carlo Bellettini, Julian L. Rrushi. "Memory Corruption Attacks, Defenses, and Evasions". Jatinder N. D. Gupta, Sushil K. Sharma (eds.), 12, 139-151, 1st, Information Science, 2008.
Abstract
The chapter introduces and describes representative defense mechanisms to protect from both basic and advanced exploitation of low-level coding vulnerabilities. Exploitation of low-level coding vulnerabilities has evolved from a basic stack-based buffer overflow with code injection to highly sophisticated attack techniques. In addition, pure-data attacks were demonstrated to be as efficient as control-data attacks and quite realistic. On the other hand research on assessment of the robustness of proposed mitigation techniques revealed various weaknesses in them leading to design and implementation of evasion techniques. Most of the defensive techniques protect only from a limited set of attack techniques, thus a defense employment requires multiple complementary mitigation
techniques. Furthermore, there are few mitigation techniques designed to counter pure-data attacks. In response to these limitations, current research proposes better defensive mechanisms such as pointer taintedness detection and attack data burning capable of countering any kind of control-data or pure-data attack.
Electronic downloads
(No downloads are available for this publication.)
| Citation formats |
- HTML
Carlo Bellettini, Julian L. Rrushi. <a href="http://www.truststc.org/pubs/468.html" ><i>Memory Corruption Attacks, Defenses, and Evasions</i></a>, Jatinder N. D. Gupta, Sushil K. Sharma (eds.), 12, 139-151, 1st, Information Science, 2008.
- Plain text
Carlo Bellettini, Julian L. Rrushi. "Memory Corruption Attacks, Defenses, and Evasions". Jatinder N. D. Gupta, Sushil K. Sharma (eds.), 12, 139-151, 1st, Information Science, 2008.
- BibTeX
@inbook{BellettiniRrushi08_MemoryCorruptionAttacksDefensesEvasions, author = {Carlo Bellettini and Julian L. Rrushi}, editor = {Jatinder N. D. Gupta, Sushil K. Sharma}, title = {Memory Corruption Attacks, Defenses, and Evasions}, chapter = {12}, pages = {139-151}, edition = {1st}, publisher = {Information Science}, year = {2008}, abstract = {The chapter introduces and describes representative defense mechanisms to protect from both basic and advanced exploitation of low-level coding vulnerabilities. Exploitation of low-level coding vulnerabilities has evolved from a basic stack-based buffer overflow with code injection to highly sophisticated attack techniques. In addition, pure-data attacks were demonstrated to be as efficient as control-data attacks and quite realistic. On the other hand research on assessment of the robustness of proposed mitigation techniques revealed various weaknesses in them leading to design and implementation of evasion techniques. Most of the defensive techniques protect only from a limited set of attack techniques, thus a defense employment requires multiple complementary mitigation techniques. Furthermore, there are few mitigation techniques designed to counter pure-data attacks. In response to these limitations, current research proposes better defensive mechanisms such as pointer taintedness detection and attack data burning capable of countering any kind of control-data or pure-data attack.}, URL = {http://www.truststc.org/pubs/468.html} }
Posted by Julian L. Rrushi on 30 Aug 2008.
For additional information, see the
Publications FAQ or
contact webmaster at www truststc org.
Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.