A New Mechanism for OS Security: Selective Checking of Shared Library Calls for Security
Abstract
This paper presents a systematic solution to the serious problem of GOT/PLT exploitation attacks. A large class of security mechanisms has been defeated by those attacks. Some security mechanisms aim to prevent GOT/PLT exploitation attacks, but they either do not fully protect against them or incur a considerable performance decline. We describe selective checking of shared library calls, called SCC. SCC dynamically relocates a program's Global Offset Table (GOT) and checks whether accesses via the Procedure Linkage Table (PLT) are legal. SCC is implemented by modifying only the Linux dynamic loader, so it is transparent to applications and easily deployable. Our experimental results show that SCC is effective in defeating GOT/PLT exploitation attacks and has very low runtime overhead.
Similar resources
vLibOS: Babysitting OS Evolution with a Virtualized Library OS
Many applications have service requirements that are not easily met by existing operating systems. Real-time and security-critical tasks, for example, often require custom OSes to meet their needs. However, development of special purpose OSes is a time-consuming and difficult exercise. Drivers, libraries and applications have to be written from scratch or ported from existing sources. Many rese...
Testing the IPC Protocol for a Real-Time Operating System
In this paper, we adapt model-based testing techniques to concurrent code, namely for test generations of an (industrial) OS kernel called PikeOS. Since our data-models are complex, the problem is out of reach of conventional model-checking techniques. Our solution is based on symbolic execution implemented inside the interactive theorem proving environment Isabelle/HOL extended by a plugin wit...
A short introduction to two approaches in formal verification of security protocols: model checking and theorem proving
In this paper, we shortly review two formal approaches in verification of security protocols; model checking and theorem proving. Model checking is based on studying the behavior of protocols via generating all different behaviors of a protocol and checking whether the desired goals are satisfied in all instances or not. We investigate Scyther operational semantics as an example of this...
A Mechanism for Detecting and Identifying DoS attack in VANET
VANET (Vehicular Ad-hoc Network), which is a hybrid network (combination of infrastructure and infrastructure-less networks), is an emergent technology with promising future as well as great challenges especially in security. On the other hand this type of network is very sensible to safety problem. This paper focuses on a new mechanism for DoS (denial of service) attacks on the physical and ...