Abstract
Most malicious attacks compromise system security through memory corruption exploits. Recently proposed techniques attempt to defeat these attacks by protecting program control data. We have constructed a new class of attacks that can compromise network applications without tampering with any control data. These non-control data attacks represent a new challenge to system security. In this paper, we propose an architectural technique to defeat both control data and non-control data attacks based on the notion of pointer taintedness. A pointer is said to be tainted if user input can be used as the pointer value. A security attack is detected whenever a tainted value is dereferenced during program execution. The proposed architecture is implemented on the SimpleScalar processor simulator and is evaluated using synthetic programs as well as real-world network applications. Our technique can effectively detect both control data and non-control data attacks, and it offers better security coverage than current methods. The proposed architecture is transparent to existing programs.
Original language | English (US) |
---|---|
Pages | 378-387 |
Number of pages | 10 |
State | Published - 2005 |
Event | 2005 International Conference on Dependable Systems and Networks - Yokohama, Japan Duration: Jun 28 2005 → Jul 1 2005 |
Other
Other | 2005 International Conference on Dependable Systems and Networks |
---|---|
Country/Territory | Japan |
City | Yokohama |
Period | 6/28/05 → 7/1/05 |
Keywords
- Attack
- Hardware Design
- Security
- Taintedness
- Vulnerability
ASJC Scopus subject areas
- Software
- Hardware and Architecture
- Computer Networks and Communications