Abstract
By preventing attacks which exploit stack buffer overflow vulnerabilities, address space layout randomization is an effective way for embedded systems protection. However, ASLR will probably suffer exhaustive attacks because the pertinence is not strong. At present only coarse-grained randomization has been implemented because one of the key bottlenecks for fine-grained randomization is the dependencies between functions cannot be constructed completely due to indirect calls. As a result, we give a static inter-procedural backtracking recognition mechanism in this paper by using intermediate code analysis technologies to identify the destination addresses of indirect callings generated by function pointers.
This work is funded by the National Natural Science Foundation of China under Grant No. 61373010 and the National High Technology Research and Development Program of China under Grant No. 2011AA01A202.
Chapter PDF
Similar content being viewed by others
Keywords
References
Ravi, S., Raghunathan, A., Kocher, P., et al.: Security in embedded systems: Design challenges. ACM Transactions on Embedded Computing Systems (TECS) 3(3), 461–491 (2004)
Hsieh, G., Meeks, R., Marvel, L.: Supporting Secure Embedded Access Control Policy with XACML+ XML Security. In: 2010 5th International Conference on Future Information Technology (FutureTech), pp. 1–6. IEEE (2010)
Cowan, C., Pu, C., Maier, D., et al.: StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In: Proceedings of the 7th USENIX Security Symposium, vol. 81, pp. 346–355 (1998)
Cowan, C., Barringer, M., Beattie, S., et al.: FormatGuard: Automatic protection from printf format string vulnerabilities. In: Proceedings of the 10th USENIX Security Symposium, vol. 3 (2001)
Solar Designer. StackPatch, http://www.opwnwall.com/linux
Bhatkar, S., DuVarney, D.C., Sekar, R.: Address obfuscation: An efficient approach to combat a broad range of memory error exploits. In: Proceedings of the 12th USENIX Security Symposium, vol. 120 (2003)
Kil, C., Jun, J., Bookholt, C., et al.: Address space layout permutation (aslp): Towards fine-grained randomization of commodity software. In: 22nd Annual on Computer Security Applications Conference, ACSAC 2006, pp. 339–348. IEEE (2006)
Shacham, H.: The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 552–561. ACM (2007)
Jackson, T., Salamat, B., Wagner, G., et al.: On the effectiveness of multi-variant program execution for vulnerability detection and prevention. In: Proceedings of the 6th International Workshop on Security Measurements and Metrics, vol. 7. ACM (2010)
Shacham, H., Page, M., Pfaff, B., et al.: On the effectiveness of address space randomization. In: ACM conference on Computer and Communication s Security (CCS), Washington, DC, pp. 298–307 (2004)
Durden, T.: Bypassing pax aslr protection. Phrack Magazine 59(9), 9–9 (2002)
Wang, Z., Cheng, R., Gao, D.: Revisiting address space randomization. Information Security and Cryptology-ICISC 2011, 207–221 (2010)
Van Emmerik, M.J.: Static single assignment for decompilation. The University of Queensland (2007)
Appel, A.W.: Modern compiler implementation in Java. Cambridge University Press (1998)
Lang, B., Zhao, N., Ge, K., et al.: An XACML policy generating method based on policy view. In: Third International Conference on Pervasive Computing and Applications, ICPCA 2008, vol. 1, pp. 295–301. IEEE (2008)
Cytron, R., Ferrante, J., Rosen, B.K., et al.: Efficiently computing static single assignment form and the control dependence graph. ACM Transactions on Programming Languages and Systems (TOPLAS) 13(4), 451–490 (1991)
Cifuentes, C., Simon, D.: Procedure abstraction recovery from binary code. In: Proceedings of the Fourth European Software Maintenance and Reengineering, pp. 55–64. IEEE (2000)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Gao, S. et al. (2014). A Static Recognition Mechanism for Indirect Call Based on Static Single Assignment. In: Zu, Q., Vargas-Vera, M., Hu, B. (eds) Pervasive Computing and the Networked World. ICPCA/SWS 2013. Lecture Notes in Computer Science, vol 8351. Springer, Cham. https://doi.org/10.1007/978-3-319-09265-2_12
Download citation
DOI: https://doi.org/10.1007/978-3-319-09265-2_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-09264-5
Online ISBN: 978-3-319-09265-2
eBook Packages: Computer ScienceComputer Science (R0)