Abstract
A variety of countermeasures against memory corruption attacks have been proposed for implementation within compilers, linkers, operating systems, and libraries. However, according to our survey, a certain number of executable binaries in Linux distributions are not protected by the countermeasures, even when the countermeasures are applied to these binaries. Further, the countermeasures have some problems, including how they are applied, the scope of attacks they cover, and their runtime overhead. For example, some require source code or need an update to the kernel or specific libraries. These requirements are not acceptable for everyone. In this paper, we propose an application-level loader called Safe Trans Loader (STL) that mitigates or prevents memory corruption attacks. The STL can be applied to already released executable binaries in the operational phase. When it loads the protected binary, the STL replaces vulnerable library functions with safe substitute functions. These safe substitute functions mitigate or prevent stack-based buffer overflow attacks, heap-based buffer overflow attacks, and use-after-free attacks. Since the STL has minimal dependencies on the execution environment, it does not require specific changes to the existing operating system or library. Further, in our evaluation, the runtime overhead of the STL is only 1.24%.
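To make the idea of safe substitute functions concrete, the following added example (not code from the paper or from the STL) sketches substitutes for malloc(), free() and strcpy() that bound heap writes and delay reuse of freed blocks. The names safe_malloc, safe_free and safe_strcpy, the fixed-size tracking table and the quarantine depth are assumptions made for illustration; refusing every untracked destination is a simplification.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define MAX_TRACKED 64   /* assumed table size, for illustration only */
#define QUARANTINE  4    /* assumed number of frees delayed before release */

/* Hypothetical bookkeeping: one record per live or quarantined heap block. */
struct block { void *ptr; size_t size; int freed; };
static struct block table[MAX_TRACKED];
static void *quarantine[QUARANTINE];
static size_t q_next;

static struct block *lookup(const void *p) {
    for (size_t i = 0; i < MAX_TRACKED; i++)
        if (p != NULL && table[i].ptr == p) return &table[i];
    return NULL;
}

/* Substitute for malloc(): allocate and record the block size. */
void *safe_malloc(size_t n) {
    struct block *slot = NULL;
    for (size_t i = 0; i < MAX_TRACKED && !slot; i++)
        if (table[i].ptr == NULL) slot = &table[i];
    if (!slot) return NULL;              /* table full: fail closed */
    void *p = malloc(n);
    if (p) { slot->ptr = p; slot->size = n; slot->freed = 0; }
    return p;
}

/* Substitute for free(): poison the block and delay its reuse.
 * Returns 0 on success, -1 on an untracked pointer or a double free. */
int safe_free(void *p) {
    struct block *b = lookup(p);
    if (!b || b->freed) return -1;
    memset(p, 0xDD, b->size);
    b->freed = 1;
    void *old = quarantine[q_next];      /* evict the oldest quarantined block */
    if (old) { lookup(old)->ptr = NULL; free(old); }
    quarantine[q_next] = p;
    q_next = (q_next + 1) % QUARANTINE;
    return 0;
}

/* Substitute for strcpy(): refuse writes that overflow or hit freed memory. */
char *safe_strcpy(char *dst, const char *src) {
    struct block *b = lookup(dst);
    if (!b || b->freed || strlen(src) + 1 > b->size) return NULL;
    return strcpy(dst, src);
}
```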
Acknowledgments
This work was supported by JSPS KAKENHI Grant Number 18K11305. We are deeply grateful to Y. Kaneko, T. Uehara, Y. Sumida, Y. Hori, T. Baba, H. Miyazaki, B. Wang, R. Watanabe, and S. Kondo for this work.
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Saito, T., Yokoyama, M., Sugawara, S., Suzaki, K. (2018). Safe Trans Loader: Mitigation and Prevention of Memory Corruption Attacks for Released Binaries. In: Inomata, A., Yasuda, K. (eds) Advances in Information and Computer Security. IWSEC 2018. Lecture Notes in Computer Science, vol 11049. Springer, Cham. https://doi.org/10.1007/978-3-319-97916-8_5
DOI: https://doi.org/10.1007/978-3-319-97916-8_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-97915-1
Online ISBN: 978-3-319-97916-8
eBook Packages: Computer Science, Computer Science (R0)