Abstract
Control-hijacking attacks are critical threats to software security, and control flow monitoring is an important method for mitigating them. In this paper, we present a new method for program control flow monitoring. Based on static analysis of a program, we apply very simple instrumentation to its source code to encode its runtime function-level control flow traces, and we check the correctness of those traces in the OS kernel. Experiments show that this method has a tiny performance impact while remaining highly effective at detecting control-hijacking attacks. We also propose to handle non-standard control flow automatically by learning from programs' dynamic profiling data. Our method is promising for enforcement in different environments because it does not depend closely on specific platform features, and the underlying techniques are readily available on many platforms.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
Cite this paper
Xia, N., Mao, B., Zeng, Q., Xie, L. (2007). Efficient and Practical Control Flow Monitoring for Program Security. In: Okada, M., Satoh, I. (eds) Advances in Computer Science - ASIAN 2006. Secure Software and Related Issues. ASIAN 2006. Lecture Notes in Computer Science, vol 4435. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77505-8_8
DOI: https://doi.org/10.1007/978-3-540-77505-8_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-77504-1
Online ISBN: 978-3-540-77505-8