Title :
A methodology for designing countermeasures against current and future code injection attacks
Author :
Younan, Yves ; Joosen, Wouter ; Piessens, Frank
Author_Institution :
Dept. of Comput. Sci., Katholieke Universiteit Leuven, Belgium
Abstract :
This paper proposes a methodology to develop countermeasures against code injection attacks, and validates the methodology by working out a specific countermeasure. This methodology is based on modeling the execution environment of a program. Such a model is then used to build countermeasures. The paper justifies the need for a more structured approach to protect programs against code injection attacks: we examine advanced techniques for injecting code into C and C++ programs and we discuss state-of-the-art (often ad hoc) approaches that typically protect singular memory locations. We validate our methodology by building countermeasures that prevent attacks by protecting a broad variety of memory locations that may be used by attackers to perform code injections. The paper evaluates our approach and discusses ongoing and future work.
Keywords :
C++ language; buffer storage; security of data; C programs; C++ programs; attack countermeasures; buffer overflows; code injection attacks; program execution environment; program protection; singular memory locations; Buffer overflow; Buildings; Code standards; Computer science; Design methodology; Linux; Operating systems; Program processors; Protection; Runtime environment; Advanced exploitation techniques; C; C++; buffer over-flows; code injection; counter-measures;
Conference_Titel :
Information Assurance, 2005. Proceedings. Third IEEE International Workshop on
Print_ISBN :
0-7695-2317-X
DOI :
10.1109/IWIA.2005.2
