Sciweavers

ICISS
2010
Springer

ValueGuard: Protection of Native Applications against Data-Only Buffer Overflows

13 years 10 months ago
ValueGuard: Protection of Native Applications against Data-Only Buffer Overflows
Abstract. Code injection attacks that target the control-data of an application have been prevalent amongst exploit writers for over 20 years. Today however, these attacks are getting increasingly harder for attackers to successfully exploit due to numerous countermeasures that are deployed by modern operating systems. We believe that this fact will drive exploit writers away from classic control-data attacks and towards data-only attacks. In data-only attacks, the attacker changes key data structures that are used by the program's logic and thus forces the control flow into existing parts of the program that would be otherwise unreachable, e.g. overflowing into a boolean variable that states whether the current user is an administrator or not and setting it to "true" thereby gaining access to the administrative functions of the program. In this paper we present ValueGuard, a canary-based defense mechanism to protect applications against data-only buffer overflow attacks...
Steven Van Acker, Nick Nikiforakis, Pieter Philipp
Added 12 Feb 2011
Updated 12 Feb 2011
Type Journal
Year 2010
Where ICISS
Authors Steven Van Acker, Nick Nikiforakis, Pieter Philippaerts, Yves Younan, Frank Piessens
Comments (0)