Run-time Detection of Heap-based Overflows
Abstract
Buffer overflows belong to the most common class of attacks on today’s Internet. Although stack-based variants are still by far more frequent and well-understood, heap-based overflows have recently gained more attention. Several real-world exploits have been published that corrupt heap management information and allow arbitrary code execution with the privileges of the victim process. This paper presents a technique that protects the heap management information and allows for run-time detection of heap-based overflows. We discuss the structure of these attacks and our proposed detection scheme that has been implemented as a patch to the GNU Lib C. We report the results of our experiments, which demonstrate the detection effectiveness and performance impact of our approach. In addition, we discuss different mechanisms to deploy the memory protection.
Similar resources
HeapShield: Library-Based Heap Overflow Protection for Free
While numerous approaches have been proposed to prevent stack overflows, heap overflows remain both a security vulnerability and a frequent source of bugs. Previous approaches to preventing these overflows require source code or can slow programs down by a factor of two or more. We present HeapShield, an approach that prevents all library-based heap overflows at runtime. It works with arbitrary...
Towards Efficient Heap Overflow Discovery
Heap overflow is a prevalent memory corruption vulnerability, playing an important role in recent attacks. Finding such vulnerabilities in applications is thus critical for security. Many state-of-art solutions focus on runtime detection, requiring abundant inputs to explore program paths in order to reach a high code coverage and luckily trigger security violations. It is likely that the input...
STACKFENCES: A Run-Time Approach for Detecting Stack Overflows
This paper describes StackFences, a run-time technique for detecting overflows in local variables in C programs. This technique is different from all others developed so far because it tries to detect explicit overflow occurrences, instead of detecting if a particular stack value, namely a return address, was corrupted because of a stack overflow. Thus, StackFences is useful not only for detect...
Detecting Heap Smashing Attacks through Fault Containment Wrappers
Buffer overflow attacks are a major cause of security breaches in modern operating systems. Not only are overflows of buffers on the stack a security threat, overflows of buffers kept on the heap can be too. A malicious user might be able to hijack the control flow of a root-privileged program if the user can initiate an overflow of a buffer on the heap when this overflow overwrites a function ...
A Taxonomy of Buffer Overflows for Evaluating Static and Dynamic Software Testing Tools*
A taxonomy that uses twenty-two attributes to characterize C-program overflows was used to construct 291 small C-program test cases that can be used to diagnostically determine the basic capabilities of static and dynamic analysis buffer overflow detection tools. Attributes in the taxonomy include the buffer location (e.g. stack, heap, data region, BSS, shared memory); scope difference between b...