Efficient Protection Against Heap-Based Buffer Overflows Without Resorting to Magic
[chapter]
2006
Lecture Notes in Computer Science
In this paper we present an approach that, when applied to a memory allocator, will protect against this attack vector without resorting to magic. ...
Bugs in dynamic memory management, including for instance heap-based buffer overflows and dangling pointers, are an important source of vulnerabilities in C and C++. ...
Alternative approaches Other approaches that protect against the more general problem of buffer overflows also protect against heap-based buffer overflows. ...
doi:10.1007/11935308_27
fatcat:ppdeqwcx5jgoba4vqdkqhvifdu
Global ISR: Toward a Comprehensive Defense Against Unauthorized Code Execution
[chapter]
2011
Advances in Information Security
buffer overflows. ...
Instruction-set randomization (ISR) obfuscates the "language" understood by a system to protect against code-injection attacks by presenting an ever-changing target. ...
More importantly, NX does not protect from unauthorized code execution. PointGuard [45] uses encryption to protect pointers from buffer overflows. ...
doi:10.1007/978-1-4614-0977-9_3
fatcat:rdwqqfst6jeedkb42mf5ivkv5q
On the General Applicability of Instruction-Set Randomization
2010
IEEE Transactions on Dependable and Secure Computing
The SQL prototype consists of an SQL query-randomizing proxy that protects against SQL-injection attacks with no changes to database servers, minor changes to CGI scripts, and with negligible performance ...
We demonstrate how to mitigate the significant performance impact of emulation-based ISR by using several heuristics to limit the scope of randomized (and interpreted) execution to sections of code that ...
Thus, our approach addresses (at least in principle) not only stack- and heap-based buffer overflow attacks, but any type of remote code-injection attack. ...
doi:10.1109/tdsc.2008.58
fatcat:wcogowrapjftzarkbwdgbncxqi
The BORG
2015
Proceedings of the 5th ACM Conference on Data and Application Security and Privacy - CODASPY '15
In this work, we introduce the BORG (Buffer Over-Read Guard), a testing tool that uses static and dynamic program analysis, taint propagation and symbolic execution to detect buffer overread bugs in real-world ...
BORG works by first selecting buffer accesses that could lead to an overread and then guiding symbolic execution towards those accesses along program paths that could actually lead to an overread. ...
Acknowledgments The research leading to these results has received funding from the ...
doi:10.1145/2699026.2699098
dblp:conf/codaspy/Neugschwandtner15
fatcat:2gitoroosrdafplnaswr2rysc4
Memento mori: dynamic allocation-site-based optimizations
2015
SIGPLAN notices
We introduce a new implementation technique where allocation mementos processed by the garbage collector and runtime system efficiently tie objects back to allocation sites in the program and dynamically ...
While all languages can benefit from efficient automatic memory management, languages like JavaScript present extra thrill with innocent-looking but difficult features like dynamically-sized arrays, deletable ...
Allocation mementos efficiently tie objects to a small payload without a large space or time cost on the program. ...
doi:10.1145/2887746.2754181
fatcat:7o3cbwpjyfgr3b7mpfvzom3ebe
Memento mori: dynamic allocation-site-based optimizations
2015
Proceedings of the 2015 ACM SIGPLAN International Symposium on Memory Management - ISMM 2015
We introduce a new implementation technique where allocation mementos processed by the garbage collector and runtime system efficiently tie objects back to allocation sites in the program and dynamically ...
While all languages can benefit from efficient automatic memory management, languages like JavaScript present extra thrill with innocent-looking but difficult features like dynamically-sized arrays, deletable ...
Allocation mementos efficiently tie objects to a small payload without a large space or time cost on the program. ...
doi:10.1145/2754169.2754181
dblp:conf/iwmm/CliffordPST15
fatcat:4k646jgtdjemrhkh5jteohfoey
SOK: (State of) The Art of War: Offensive Techniques in Binary Analysis
2016
2016 IEEE Symposium on Security and Privacy (SP)
Our framework has been open-sourced and is available to the security community. IEEE Symposium on Security and Privacy ...
In many situations binary analysis is the only possible way to prove (or disprove) properties about the code that is actually executed. ...
Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. ...
doi:10.1109/sp.2016.17
dblp:conf/sp/Shoshitaishvili16
fatcat:dw3axxn4mbczjmhpwhwd5jnfe4
Fine-Grained Control-Flow Integrity for Kernel Software
2016
2016 IEEE European Symposium on Security and Privacy (EuroS&P)
Using these insights, we show how to choose optimized defenses for kernels to handle system events, enabling comprehensive and efficient CFI enforcement. ...
We present a mostly-automated approach for retrofitting kernel software that leverages features of such software to enable comprehensive, efficient, fine-grained CFI enforcement. ...
This material is based upon work supported by the National Science Foundation under Grant No. CNS-1408880 and No. CNS-1513783. ...
doi:10.1109/eurosp.2016.24
dblp:conf/eurosp/GeTPJ16
fatcat:6oplu6rbgfcjlnipr2kzfb2cpe
Transactional Memory, 2nd edition
2010
Synthesis Lectures on Computer Architecture
This enables a seamless design without special casing to distinguish overflowed from non-overflowed cases. ...
spaces (as opposed to distributed STM systems based on replicating the heap across a set of address spaces). ...
WWT was a DARPA and NSF-funded project that investigated new approaches to simulating, building, and programming parallel shared-memory computers. ...
doi:10.2200/s00272ed1v01y201006cac011
fatcat:25d3gvp5zrfqlgpzdzknqouofi
Software-based Microarchitectural Attacks
[article]
2017
arXiv
pre-print
Software-based microarchitectural attacks exploit effects of these optimizations. ...
In the second part, a selection of our papers are provided without modification from their original publications. ...
We present a countermeasure against Prefetch Side-Channel Attacks on commodity systems, that involves reorganizing the user and kernel address space to protect KASLR. ...
arXiv:1706.05973v1
fatcat:4hwdpe4dancmblsxasg3a75h7a
BasicBlocker: ISA Redesign to Make Spectre-Immune CPUs Faster
[article]
2021
arXiv
pre-print
The obvious way to simplify the analysis of speculative-execution attacks is to eliminate speculative execution. ...
cost analyses consider only software written for current instruction-set architectures, so they do not rule out the possibility of a new instruction-set architecture providing acceptable performance without ...
overflows. ...
arXiv:2007.15919v2
fatcat:d2ejjqtr7rhuhfyn4gtjcf45hq
Informal Introduction to ALGOL 68
1972
Biometrics
ACKNOWLEDGEMENTS The Authors wish to thank Prof. Dr. ...
to the base of natural logarithms, i.e. 2.718281828459045 c .. ...
E6)
int nmb buffers = ¢ the number of items the buffer can hold ¢;
[1 : nmb buffers] item buffer;
int index := 0, exdex := 0; ¢ pointers to items within the buffer ¢
bool work to be done := true, ...
doi:10.2307/2528981
fatcat:sgyece5sifdvzagrpkzfthedrm
LogTM: Log-based Transactional Memory
The Twelfth International Symposium on High-Performance Computer Architecture, 2006.
LogTM's unique log-based version management combined with innovative sticky states allow it to break this dependence on the cache without adding complex hardware. ...
Furthermore, transactions may be nested to allow programmers to build thread-safe libraries without exposing implementation details such as locking conventions to higher levels of software. ...
HTM systems are not only more efficient than STMs, but are more efficient than lock-based synchronization for most applications. ...
doi:10.1109/hpca.2006.1598134
dblp:conf/hpca/MooreBMHW06
fatcat:7joai4xgm5b2tbgdgx3vvwxh3q
Parallel and Concurrent Programming in Haskell
[chapter]
2012
Lecture Notes in Computer Science
Line 3 sets the buffering mode for the Handle to line-buffering; if we don't do that then output sent to the Handle will be buffered up by the I/O layer until there is a full block (which is more efficient ...
Communication is implicit in GHC since all tasks share the same heap, and can share objects without restriction. ...
On the other hand, if we wanted to use a typed channel to send the Ping messages, things get more complicated. ...
doi:10.1007/978-3-642-32096-5_7
fatcat:vaj62c3ijre3nof5dchrrlfv4m
Ecological Safety and Economic Profitability of a Recreation Object in the Coast – Sea System
Ekologicheskaya bezopasnost' i ekonomicheskaya rentabel'nost' ob"yekta rekreatsii v sisteme bereg – more
2020
Ekologicheskaya bezopasnost pribrezhnoy i shel fovoy zon morya
The model is based on the concept of an environmentally safe stationary state of the marine ecosystem, in which these rates are equal and the risk of infection of vacationers with bacterial, viral and ...
It is assumed that this risk is proportional to the rate of increase in the concentration of pollution entering the marine environment during delivery of services, and inversely proportional to the rate ...
But we do recognize limits to protectionism, especially when applied to protect rival goods against competition from non-rival goods. ...
doi:10.22449/2413-5577-2020-4-130-143
fatcat:j24l5jjqtrbtfilvceslsnca24