Abstract | ||
---|---|---|
Buffer overflow is known to be a common memory vulnerability affecting software. It is exploited to gain various kinds of privilege escalation. C and C++ are very commonly used to develop applications; due to the efficient “unmanaged” executions these languages are not safe. These attacks are highly successful as every executing copy of a shipped binary is the same. This work presents two approaches to randomizing the memory layout which does not require modifications at the developer end. Both techniques are implemented at the user-end machines and have no requirement for source code. The feasibility of the two techniques is shown by randomizing complex applications and demonstrating that the run-time penalty for the randomization schemes is very less. |
Year | DOI | Venue |
---|---|---|
2010 | 10.1109/ISSRE.2010.22 | ISSRE |
Keywords | Field | DocType |
common memory vulnerability,user-end machine,complex application,buffer overflow,source code,run-time penalty,privilege escalation,preventing overflow attacks,memory randomization,developer end,memory layout,randomization scheme,security,force,memory management,software reliability,algorithms | Privilege escalation,Source code,Computer science,Real-time computing,Software,Memory management,Software quality,Binary number,Software diversity,Buffer overflow,Distributed computing | Conference |
Citations | PageRank | References |
3 | 0.43 | 10 |
Authors | ||
4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Vivek Iyer | 1 | 43 | 5.57 |
Amit Kanitkar | 2 | 3 | 0.76 |
Partha Dasgupta | 3 | 298 | 47.40 |
Srinivasan Raghunathan | 4 | 1066 | 93.43 |