Sciweavers

IWIA
2005
IEEE

A Methodology for Designing Countermeasures against Current and Future Code Injection Attacks

14 years 6 months ago
A Methodology for Designing Countermeasures against Current and Future Code Injection Attacks
This paper proposes a methodology to develop countermeasures against code injection attacks, and validates the methodology by working out a specific countermeasure. This methodology is based on modeling the execution environment of a program. Such a model is then used to build countermeasures. The paper justifies the need for a more structured approach to protect programs against code injection attacks: we examine advanced techniques for injecting code into C and C++ programs and we discuss state-ofthe-art (often ad hoc) approaches that typically protect singular memory locations. We validate our methodology by building countermeasures that prevent attacks by protecting a broad variety of memory locations that may be used by attackers to perform code injections. The paper evaluates our approach and discusses ongoing and future work.
Yves Younan, Wouter Joosen, Frank Piessens
Added 25 Jun 2010
Updated 25 Jun 2010
Type Conference
Year 2005
Where IWIA
Authors Yves Younan, Wouter Joosen, Frank Piessens
Comments (0)