
Memory Errors: The Past, the Present, and the Future

  • Conference paper
Research in Attacks, Intrusions, and Defenses (RAID 2012)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 7462)


Abstract

Memory error exploitation has been around for over 25 years and still ranks among the top 3 most dangerous software errors. Why haven’t we been able to stop it? Given the host of security measures on modern machines, are we less vulnerable than before, and can we expect to eradicate memory error problems in the near future? In this paper, we present a quarter century’s worth of memory errors: attacks, defenses, and statistics. A historical overview provides insight into past trends and developments, while an investigation of real-world vulnerabilities and exploits allows us to assess the significance of memory errors in the foreseeable future.

This work was partially sponsored by the EU FP7 SysSec project and by an ERC Starting Grant project (“Rosetta”).




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

van der Veen, V., dutt-Sharma, N., Cavallaro, L., Bos, H. (2012). Memory Errors: The Past, the Present, and the Future. In: Balzarotti, D., Stolfo, S.J., Cova, M. (eds) Research in Attacks, Intrusions, and Defenses. RAID 2012. Lecture Notes in Computer Science, vol 7462. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33338-5_5


  • DOI: https://doi.org/10.1007/978-3-642-33338-5_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33337-8

  • Online ISBN: 978-3-642-33338-5
