Learning Fine-Grained Structured Input for Memory Corruption Detection
Authors
Abstract
Inputs to many application and server programs contain rich and consistent structural information. The propagation of such input in program execution could serve as accurate and reliable signatures for detecting memory corruptions. In this paper, we propose a novel approach to detect memory corruptions at the binary level. The basic insight is that different parts of an input are usually processed in different ways, e.g., by different instructions. Identifying individual parts in an input and learning the pattern in which they are processed is an attractive approach to detect memory corruptions. We propose a fine-grained dynamic taint analysis system to detect different fields in an input and monitor the propagation of these fields, and show that deviations from the execution pattern learned signal a memory corruption. We implement a prototype of our system and demonstrate its success in detecting a number of memory corruption attacks in the wild. In addition, we evaluate the overhead of our system and discuss its advantages over existing approaches and limitations.
Similar resources
Handling Memory Corruption Faults In Sensor Networks
Typical sensor nodes use resource constrained micro-controllers where user level applications, operating system components, device drivers, etc., reside within a single address space with no form of memory protection. A programming error in an application can easily corrupt the state of the operating system and other software components on the node. To protect against such errors, we propose a ...
Fine-Grained Control-Flow Integrity Through Binary Hardening
Applications written in low-level languages without type or memory safety are prone to memory corruption. Attackers gain code execution capabilities through memory corruption despite all currently deployed defenses. Control-Flow Integrity (CFI) is a promising security property that restricts indirect control-flow transfers to a static set of well-known locations. We present Lockdown, a modular,...
Detile: Fine-Grained Information Leak Detection in Script Engines
Memory disclosure attacks play an important role in the exploitation of memory corruption vulnerabilities. By analyzing recent research, we observe that bypasses of defensive solutions that enforce control-flow integrity or attempt to detect return-oriented programming require memory disclosure attacks as a fundamental first step. However, research lags behind in detecting such information leak...
Control-Flow Bending: On the Effectiveness of Control-Flow Integrity
Control-Flow Integrity (CFI) is a defense which prevents control-flow hijacking attacks. While recent research has shown that coarse-grained CFI does not stop attacks, fine-grained CFI is believed to be secure. We argue that assessing the effectiveness of practical CFI implementations is non-trivial and that common evaluation metrics fail to do so. We then evaluate fully-precise static CFI — the...
Learning from input and memory evolution: points of vulnerability on a pathway to mastery in word learning.
Word learning consists of at least two neurocognitive processes: learning from input during training and memory evolution during gaps between training sessions. Fine-grained analysis of word learning by normal adults provides evidence that learning from input is swift and stable, whereas memory evolution is a point of potential vulnerability on the pathway to mastery. Moreover, success during l...