Comprehensive Memory Error Protection via Diversity and Taint-Tracking

of the Dissertation Comprehensive Memory Error Protection via Diversity and Taint-Tracking by Lorenzo Cavallaro Doctor of Philosophy in Computer Science Università degli Studi di Milano 2007 Memory errors in C and C++ programs are one of the oldest classes of vulnerabilities. Attackers have been exploiting these errors since late 80’s and these issues are still a real and concrete threat. To date, several countermeasures to combat memory error vulnerabilities have been proposed. They cover a broad range of Computer Science disciplines, going from safe programming language solutions, anomaly detection approaches, and information-flow (also known as taint analysis) based strategies, to techniques that modify the underlying compiler, the operating system and underlying hardware, and system libraries. Among the others, transformation techniques which aim to provide artificial diversity, or are based on taint analysis approaches, seem to be the most promising and effective against a broad class of memory error vulnerabilities. Unfortunately, as protection mechanisms improve, so do the attacks, and existing transformation techniques which aim to provide artificial diversity or to perform taint analysis either cannot deal with all the memory errors, or they provide only probabilistic protection (e.g., artificial diversity) or, again, they have a high rate of false positives when dealing with some memory error vulnerabilities (e.g., pointer and non-pointer data corruption). This dissertation aims to provide comprehensive solutions to memory error vulnerabilities. Recognizing the effectiveness of the aforementioned diversity, taint-tracking, and anomaly-based detection strategies,