Code Pointer Masking: Hardening Applications against Code Injection Attacks
نویسندگان
چکیده
In this paper we present an efficient countermeasure against code injection attacks. Our countermeasure does not rely on secret values such as stack canaries and protects against attacks that are not addressed by state-of-the-art countermeasures of similar performance. By enforcing the correct semantics of code pointers, we thwart attacks that modify code pointers to divert the application’s control flow. We have implemented a prototype of our solution in a C-compiler for Linux. The evaluation shows that the overhead of using our countermeasure is small and the security benefits are substantial.
منابع مشابه
ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities
Modern web applications are increasingly moving program code to the client in the form of JavaScript. With the growing adoption of HTML5APIs such as postMessage, client-side validation (CSV) vulnerabilities are consequently becoming increasingly important to address as well. However, while detecting and preventing attacks against web applications is a well-studied topic on the server, considera...
متن کاملAddress Oblivious Code Reuse: On the Effectiveness of Leakage Resilient Diversity
Memory corruption vulnerabilities not only allow modification of control data and injection of malicious payloads; they also allow adversaries to reconnoiter a diversified program, customize a payload, and ultimately bypass code randomization defenses. In response, researchers have proposed and built various leakage-resilient defenses against code reuse. Leakage-resilient defenses use memory pr...
متن کاملOn Hermitian LCD codes from cyclic codes and their applications to orthogonal direct sum masking
Cyclic codes are an interesting type of linear codes and have wide applications in communication and storage systems due to their efficient encoding and decoding algorithms. It was proved that asymptotically good Hermitian LCD codes exist. The objective of this paper is to construct some cyclic Hermitian LCD codes over finite fields and analyse their parameters. The dimensions of these codes ar...
متن کاملSide channel parameter characteristics of code injection attacks
Embedded systems are suggestive targets for code injection attacks in the recent years. Software protection mechanisms, and in general computers, are not usually applicable in embedded systems since they have limited resources like memory and process power. In this paper we investigate side channel characteristics of embedded systems and their applicability in code injection attack detection. T...
متن کاملDefining Injection Attacks
This paper defines and analyzes injection attacks. The definition is based on the NIE property, which states that an application’s untrusted inputs must only produce Noncode Insertions or Expansions in output programs (e.g., SQL queries). That is, when applications generate output programs based on untrusted inputs, the NIE property requires that inputs only affect output programs by inserting ...
متن کامل