【 摘 要 】

Memory corruptions are a major part of security attacks observed nowadays.Many protection mechanisms have been proposed to fight against them. These techniques can be broadly classified into two categories: those that focus on preventing vulnerabilities from being exploited (canary value, libsafe) and those that focus on preventing important data (e.g. return address, critical variable) from being overwritten by attackers (IFS, taintedness tracking, WIT, random memory layout). As the range of vulnerabilities increases, we believe that protecting all vulnerabilities with specific techniques begins to be unrealistic. That is why we want to focus on the second category. This thesis proposes to use an existing formal tool, SymPLAID, to find the minimum set of critical memory locations one needs to protect. The analysis results are also used to derive selective detectors which are guaranteed to detect a given attack model. We demonstrate the methodology by deriving application specific detectors which are guaranteed to detect all attacks where the attacker's goal is to corrupt the application's end result by modifying one memory location. Very few, well placed detectors are needed to get a 100% coverage for the given attack model.

【 预 览 】

附件列表

Files	Size	Format	View
Formal framework and tools to derive efficient application-level detectors against memory corruption attacks	1637KB	PDF	download