Abstract
Buffer overflow (BOF) has been the most common form of vulnerability in software systems to date, and many methods exist to defend software systems against BOF attacks. Among them, the instruction set randomization scheme, which prevents the attacker from knowing the specific instruction set of the target machine, is the most promising defense because it defeats all typical code-injection BOF attacks. However, this defense scheme cannot cover data-injection BOF attacks such as return-into-libc attacks. In order to defend against data-injection BOF attacks as well as code-injection BOF attacks, we propose an enhanced defense scheme that randomizes not only the instruction set but also the return addresses. Implementation results show that the proposed scheme can defend software systems against data-injection BOF attacks as well as code-injection BOF attacks without significant extra overhead.
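The following is an added illustration, not code from the paper, of the principle behind return address randomization: a per-process secret mask is applied to every return address when it is saved and removed when it is restored, so a plaintext address written into the slot by an overflow is not the address the function returns to. The XOR mask, the `ra_model_t` structure and the helper names are assumptions made for this model; the paper's actual mechanism is not described on this page.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model (assumption, not the paper's implementation): a
 * per-process secret key masks each return address as it is saved on
 * the stack and unmasks it just before the function returns. */
typedef struct {
    uintptr_t key;   /* per-process random mask chosen at load time */
    uintptr_t slot;  /* the saved-return-address slot on the stack   */
} ra_model_t;

/* Prologue side: store the masked return address in the stack slot. */
void ra_save(ra_model_t *m, uintptr_t ret_addr) {
    m->slot = ret_addr ^ m->key;
}

/* Epilogue side: recover the address the CPU will actually jump to. */
uintptr_t ra_restore(const ra_model_t *m) {
    return m->slot ^ m->key;
}

/* Benign control flow: saving and restoring must return the original. */
int roundtrip_ok(uintptr_t key, uintptr_t ret_addr) {
    ra_model_t m = { key, 0 };
    ra_save(&m, ret_addr);
    return ra_restore(&m) == ret_addr;
}

/* Data-injection model: the slot is overwritten with a plaintext target
 * address (the writer does not know the key). Returns 1 only if the
 * function would really return to the injected address. */
int injection_succeeds(uintptr_t key, uintptr_t legit, uintptr_t injected) {
    ra_model_t m = { key, 0 };
    ra_save(&m, legit);
    m.slot = injected;             /* overwritten by the overflow */
    return ra_restore(&m) == injected;
}

int main(void) {
    /* Constructed sample values: a legitimate return site and a target. */
    const uintptr_t legit = 0x08048400u, target = 0x40012345u;
    printf("no randomization (key 0): injection succeeds = %d\n",
           injection_succeeds(0, legit, target));
    printf("randomized (key set):     injection succeeds = %d\n",
           injection_succeeds(0xA5A5A5A5u, legit, target));
    printf("benign return round-trips = %d\n",
           roundtrip_ok(0xA5A5A5A5u, legit));
    return 0;
}
```

With the key set, the restored value is a masked version of the injected address, so the return lands on an unpredictable location instead of the chosen library function; with a zero key (no randomization) the injection goes through.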
This research was supported by the MIC (Ministry of Information and Communication), Korea, under the ITRC (Information Technology Research Center) support program supervised by the IITA (Institute of Information Technology Assessment) (IITA-2005-C1090-0501-0018).
© 2006 Springer-Verlag Berlin Heidelberg
Kim, D.J., Kim, T.H., Kim, J., Hong, S.J. (2006). Return Address Randomization Scheme for Annuling Data-Injection Buffer Overflow Attacks. In: Lipmaa, H., Yung, M., Lin, D. (eds) Information Security and Cryptology. Inscrypt 2006. Lecture Notes in Computer Science, vol 4318. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11937807_19
DOI: https://doi.org/10.1007/11937807_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-49608-3
Online ISBN: 978-3-540-49610-6