
Safe Trans Loader: Mitigation and Prevention of Memory Corruption Attacks for Released Binaries

  • Conference paper
Advances in Information and Computer Security (IWSEC 2018)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11049)

Abstract

A variety of countermeasures against memory corruption attacks have been proposed for implementation within compilers, linkers, operating systems, and libraries. However, according to our survey, a certain number of executable binaries in Linux distributions remain unprotected by these countermeasures, even when the countermeasures have been applied to them. Further, the countermeasures have several problems, including how they are applied, the scope of attacks they cover, and their runtime overhead. For example, some require source code, or need the kernel or specific libraries to be updated; such requirements are not acceptable for everyone. In this paper, we propose an application-level loader called Safe Trans Loader (STL) that mitigates or prevents memory corruption attacks. The STL can be applied to already released executable binaries in the operational phase: when it loads the protected binary, it replaces vulnerable library functions with safe substitute functions. These safe substitute functions mitigate or prevent stack-based buffer overflow attacks, heap-based buffer overflow attacks, and use-after-free attacks. Since the STL has minimal dependencies on the execution environment, it does not require specific changes to the existing operating system or libraries. Further, our evaluation shows that the runtime overhead of the STL is only 1.24%.
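The abstract does not describe how the safe substitute functions are built; as an added illustration that is not the paper's code, the following C sketch shows one well-known way a load-time replacement for free() can blunt use-after-free: a freed block is poisoned and held in a quarantine, so a dangling pointer neither aliases a fresh allocation nor reads the stale data. The names safe_malloc/safe_free, the size header and the quarantine depth are assumptions made for this example.

```c
/* Added example (not from the paper): a quarantining free() substitute
 * of the kind a load-time function-replacement scheme could install.
 * Freed blocks are poisoned and parked in a ring buffer; only when a
 * slot is recycled is the block actually handed back to libc. */
#include <stdlib.h>
#include <string.h>

#define QUARANTINE_SLOTS 64   /* assumed depth; a real design would tune this */
#define POISON_BYTE 0xDE      /* fixed pattern a dangling read will observe */

static void  *quarantine[QUARANTINE_SLOTS];   /* base pointers, NULL = empty */
static size_t quarantine_next;

/* safe_malloc stores the request size in a header so safe_free can
 * poison the whole user area without relying on allocator internals. */
void *safe_malloc(size_t n) {
    unsigned char *base = malloc(n + sizeof(size_t));
    if (!base) return NULL;
    memcpy(base, &n, sizeof n);
    return base + sizeof(size_t);
}

void safe_free(void *ptr) {
    if (!ptr) return;
    unsigned char *base = (unsigned char *)ptr - sizeof(size_t);
    size_t n;
    memcpy(&n, base, sizeof n);
    memset(ptr, POISON_BYTE, n);          /* clobber stale contents */
    free(quarantine[quarantine_next]);    /* evict oldest (free(NULL) is a no-op) */
    quarantine[quarantine_next] = base;   /* park this block instead of freeing it */
    quarantine_next = (quarantine_next + 1) % QUARANTINE_SLOTS;
}

/* Checks the property a defender wants from the substitute: after the
 * free, a same-size allocation does not land on the dangling pointer's
 * block, and the stale pointer reads poison rather than reused data.
 * (Reading *old here is defined: the block is still owned, by the
 * quarantine, until it is evicted.) Returns 1 when both hold. */
int demo_uaf_is_blunted(void) {
    char *old = safe_malloc(32);
    strcpy(old, "constructed-sample-token");
    safe_free(old);
    char *fresh = safe_malloc(32);
    int reused   = (fresh == old);
    int poisoned = ((unsigned char)old[0] == POISON_BYTE);
    safe_free(fresh);
    return !reused && poisoned;
}
```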



Acknowledgments

This work was supported by JSPS KAKENHI Grant Number 18K11305. We are deeply grateful to Y. Kaneko, T. Uehara, Y. Sumida, Y. Hori, T. Baba, H. Miyazaki, B. Wang, R. Watanabe, and S. Kondo for this work.

Author information

Corresponding author: Takamichi Saito.


Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Cite this paper

Saito, T., Yokoyama, M., Sugawara, S., Suzaki, K. (2018). Safe Trans Loader: Mitigation and Prevention of Memory Corruption Attacks for Released Binaries. In: Inomata, A., Yasuda, K. (eds) Advances in Information and Computer Security. IWSEC 2018. Lecture Notes in Computer Science, vol 11049. Springer, Cham. https://doi.org/10.1007/978-3-319-97916-8_5

  • DOI: https://doi.org/10.1007/978-3-319-97916-8_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-97915-1

  • Online ISBN: 978-3-319-97916-8

  • eBook Packages: Computer Science (R0)
