Abstract
This tutorial paper considers the issues of low-level software security from a language-based perspective, with the help of concrete examples. Four examples of low-level software attacks are covered in full detail; these examples are representative of the major types of attacks on C and C++ software that is compiled into machine code. Six examples of practical defenses against those attacks are also covered in detail; these defenses are selected because of their effectiveness, wide applicability, and low enforcement overhead.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Erlingsson, Ú. (2007). Low-Level Software Security: Attacks and Defenses. In: Aldini, A., Gorrieri, R. (eds) Foundations of Security Analysis and Design IV. FOSAD 2006/2007. Lecture Notes in Computer Science, vol 4677. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74810-6_4
DOI: https://doi.org/10.1007/978-3-540-74810-6_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74809-0
Online ISBN: 978-3-540-74810-6
eBook Packages: Computer Science (R0)