
A Memory Access Validation Scheme against Payload Injection Attacks

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7462)

Abstract

The authenticity of a piece of data or an instruction is crucial in mitigating threats from various forms of software attacks. In spite of various features against malicious attacks exploiting spurious data, adversaries have been successful in circumventing such protections. This paper proposes a memory access validation scheme that manages information on spurious data at the granularity of cache line size. A validation unit based on the proposed scheme answers queries from other components in the processor so that spurious data can be blocked before control flow diversion. We describe the design of this validation unit as well as its integration into the memory hierarchy of a modern processor and assess its memory requirement and performance impact with two simulators. The experimental results show that our scheme is able to detect the synthesized payload injection attacks and to manage taint information with moderate memory overhead under acceptable performance impact.




© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ahn, D., Lee, G. (2012). A Memory Access Validation Scheme against Payload Injection Attacks. In: Balzarotti, D., Stolfo, S.J., Cova, M. (eds) Research in Attacks, Intrusions, and Defenses. RAID 2012. Lecture Notes in Computer Science, vol 7462. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33338-5_6


  • DOI: https://doi.org/10.1007/978-3-642-33338-5_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33337-8

  • Online ISBN: 978-3-642-33338-5

  • eBook Packages: Computer Science, Computer Science (R0)
