Abstract
Over the past several years, US-CERT advisories, as well as most critical updates from software vendors, have been due to memory corruption vulnerabilities such as buffer overflows, heap overflows, etc. Several techniques have been developed to defend against the exploitation of these vulnerabilities, with the most promising defenses being based on randomization. Two randomization techniques have been explored so far: address space randomization (ASR) that randomizes the location of objects in virtual memory, and instruction set randomization (ISR) that randomizes the representation of code. We explore a third form of randomization called data space randomization (DSR) that randomizes the representation of data stored in program memory. Unlike ISR, DSR is effective against non-control data attacks as well as code injection attacks. Unlike ASR, it can protect against corruption of non-pointer data as well as pointer-valued data. Moreover, DSR provides a much higher range of randomization (typically 2^32 for 32-bit data) as compared to ASR. Other interesting aspects of DSR include (a) it does not share a weakness common to randomization-based defenses, namely, susceptibility to information leakage attacks, and (b) it is capable of detecting some exploits that are missed by full bounds-checking techniques, e.g., some of the overflows from one field of a structure to the next field. Our implementation results show that with appropriate design choices, DSR can achieve a performance overhead in the range of 5% to 30% for a range of programs.
This research is supported in part by an ONR grant N000140710928 and an NSF grant CNS-0627687. This work was part of the first author's Ph.D. work completed at Stony Brook University.
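The abstract's point (b), that DSR can catch an overflow from one structure field into the next, follows from how the scheme stores data: each datum is kept in memory XORed with a random mask, and every legitimate access is compiled to apply the mask belonging to that datum. A write that overruns into a neighbouring field applies the wrong mask, so the neighbour no longer decodes to the value the overflowing write carried. The C program below is an added illustration of that effect and is not code from the paper or its implementation; it assumes fixed, constructed masks and one mask per field (the paper assigns masks per points-to equivalence class, and draws them at run time), and models the memory error as an eight-byte copy into a four-byte field.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Two adjacent 32-bit fields. Under DSR each field's bytes are stored XORed
 * with that field's mask. The masks below are constructed constants so the
 * example is reproducible; a real implementation draws them at startup. */
#define MASK_A 0x9e3779b9u
#define MASK_B 0x7f4a7c15u

typedef struct {
    uint32_t a;   /* memory holds a ^ MASK_A */
    uint32_t b;   /* memory holds b ^ MASK_B */
} masked_pair;

/* Every correct access is compiled to apply its own field's mask. */
static void     store_a(masked_pair *p, uint32_t v) { p->a = v ^ MASK_A; }
static void     store_b(masked_pair *p, uint32_t v) { p->b = v ^ MASK_B; }
static uint32_t load_a(const masked_pair *p)        { return p->a ^ MASK_A; }
static uint32_t load_b(const masked_pair *p)        { return p->b ^ MASK_B; }

/* Model of the memory error: a write compiled for field a (so it masks
 * everything it writes with MASK_A) copies eight bytes, running past the
 * end of a and into b. */
static void overflowing_write_into_a(masked_pair *p, const uint32_t src[2]) {
    uint32_t masked[2] = { src[0] ^ MASK_A, src[1] ^ MASK_A };
    memcpy(p, masked, sizeof masked);   /* fills a, spills into b */
}

/* Unprotected baseline: the same overflow with no masking. */
static void overflowing_write_plain(uint32_t raw[2], const uint32_t src[2]) {
    memcpy(raw, src, 2 * sizeof(uint32_t));
}

/* What field b decodes to after the overflow, under DSR. */
uint32_t b_after_overflow_dsr(uint32_t written_b) {
    masked_pair p;
    store_a(&p, 1);
    store_b(&p, 2);
    uint32_t src[2] = { 0x00c0ffeeu, written_b };
    overflowing_write_into_a(&p, src);
    return load_b(&p);            /* = written_b ^ MASK_A ^ MASK_B */
}

/* What field b holds after the same overflow with no protection. */
uint32_t b_after_overflow_plain(uint32_t written_b) {
    uint32_t raw[2] = { 1, 2 };
    uint32_t src[2] = { 0x00c0ffeeu, written_b };
    overflowing_write_plain(raw, src);
    return raw[1];                /* = written_b, exactly as written */
}

/* Masking is transparent to correct code: store then load round-trips. */
uint32_t roundtrip_b(uint32_t v) {
    masked_pair p;
    store_a(&p, 0);
    store_b(&p, v);
    return load_a(&p) == 0 ? load_b(&p) : 0;
}

int main(void) {
    uint32_t written = 0x12345678u;
    printf("plain: b = 0x%08x (overflow sets b to the written value)\n",
           b_after_overflow_plain(written));
    printf("dsr:   b = 0x%08x (b decodes to written ^ MASK_A ^ MASK_B)\n",
           b_after_overflow_dsr(written));
    return 0;
}
```

The unprotected copy leaves b equal to whatever the overflow wrote, while the DSR copy leaves b holding the written value XORed with the two masks. Since the masks are unknown to whoever triggers the overflow, the corrupted field is effectively random, which is why the paper can treat such a field-to-field overflow as detectable even though it never crosses an object boundary that a bounds checker would see.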
© 2008 Springer-Verlag Berlin Heidelberg
Bhatkar, S., Sekar, R. (2008). Data Space Randomization. In: Zamboni, D. (ed.) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2008. Lecture Notes in Computer Science, vol. 5137. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70542-0_1
DOI: https://doi.org/10.1007/978-3-540-70542-0_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-70541-3
Online ISBN: 978-3-540-70542-0