Title: ValueGuard: Protection of native applications against data-only buffer overflows
Authors: Van Acker, Steven
Nikiforakis, Nick
Philippaerts, Pieter
Younan, Yves
Piessens, Frank #
Issue Date: 15-Dec-2010
Publisher: Springer
Host Document: Lecture Notes in Computer Science vol:6503 pages:156-170
Conference: ICISS (International Conference on Information Systems Security) edition:2010 location:Gandhinagar, India date:15-19 December 2010
Abstract: Code injection attacks that target the control-data of an application have been prevalent amongst exploit writers for over 20 years. Today however, these attacks are getting increasingly harder for attackers to successfully exploit due to numerous countermeasures that are deployed by modern operating systems. We believe that this fact will drive exploit writers away from classic control-data attacks and towards data-only attacks. In data-only attacks, the attacker changes key data structures that are used by the program’s logic and thus forces the control flow into existing parts of the program that would be otherwise unreachable, e.g. overflowing into a boolean variable that states whether the current user is an administrator or not and setting it to “true” thereby gaining access to the administrative functions of the program.
In this paper we present ValueGuard, a canary-based defense mechanism to protect applications against data-only buffer overflow attacks. ValueGuard inserts canary values in front of all variables and verifies their integrity whenever these variables are used. In this way, if a buffer overflow has occurred that changed the contents of a variable, ValueGuard will detect it since the variable’s canary will have also been changed. The countermeasure itself can be used either as a testing tool for applications before their final deployment or it can be applied selectively to legacy or high-risk parts of programs that we want to protect at run-time, without incurring extra time-penalties to the rest of the applications.
ISBN: 978-3-642-17713-2
ISSN: 0302-9743
Publication status: published
KU Leuven publication type: IC
Appears in Collections:Informatics Section
# (joint) last author

Files in This Item:
File Description Status SizeFormat
valueguard.pdfValueguard paper Published 246KbAdobe PDFView/Open


All items in Lirias are protected by copyright, with all rights reserved.

© Web of science