CPM: Masking Code Pointers to Prevent Code Injection Attacks

Pieter Philippaerts, Yves Younan, Stijn Muylle, Frank Piessens, Sven Lachmund, Thomas Walter. CPM: Masking Code Pointers to Prevent Code Injection Attacks. ACM Trans. Inf. Syst. Secur.
Code Pointer Masking (CPM) is a novel countermeasure against code injection attacks on native code. By enforcing the correct semantics of code pointers, CPM thwarts attacks that modify code pointers to divert the application’s control flow. It does not rely on secret values such as stack canaries and protects against attacks that are not addressed by state-of-the-art countermeasures of similar performance. This article reports on two prototype implementations on very distinct processor… 


Protecting Instruction Set Randomization from Code Reuse Attacks

This paper shows that code-reuse attacks can be used to circumvent existing ISR techniques and it proposes a new ISR that does not have the same vulnerabilities as the existing solutions, imposes moderate decryption cost, does not require additional memory per instruction, and affords efficient random access to the encrypted code.

Defence Against Code Injection Attacks

This paper explores contemporary defence strategies against code injection attacks (CIAs), suggests a number of countermeasure mechanisms for protecting against CIAs, and relies on a multiplexing technique to preserve the exact return code so as to ensure the integrity of the program execution trace of shell code.

CFI: Control Flow Integrity or Control Flow Interruption?

This paper focuses on some of the CFI-based defenses and shows how the unexpected trigger of an interrupt and the sudden execution of an Interrupt Service Routine (ISR) can circumvent them.

A Method for Malware Detection in Virtualization Environment

This paper found that the presence of certain API function calls may confirm the existence of malware, and proposes a novel approach to detect malware based on API function call information, implemented using the volatility framework.

Machine-Learning-Based Malware Detection for Virtual Machine by Analyzing Opcode Sequence

This research proposes a novel static analysis method for unknown malware detection based on the feature of opcode n-gram of the executable files, which has the optimal accuracy of 98.2%.

Decoupling Security Services from IaaS Cloud Through Remote Virtual Machine Introspection

The preliminary experimental results show that SE-Cloud can provide more robust and flexible protection for tenant virtual machines with acceptable overhead; with the separation of introspection code from security-business code, the security services cannot be abused by administrators and have little impact on the management virtual machine.

LsSQLIDP : Literature survey on SQL injection detection and prevention techniques

All the existing types of SQL injection attacks (SQLIAs), together with their detection and prevention techniques, are analyzed and showcased in this paper, and it is shown how these techniques can be used to better understand the attack.

Modeling runtime enforcement with mandatory results automata

It is argued that MRAs make good general models of runtime mechanisms, upon which a theory of runtime enforcement can be based, and the policies that deterministic and non-deterministic MRAs can and cannot enforce are characterized.

Privacy preserving, verifiable and efficient outsourcing algorithm for matrix multiplication to a malicious cloud server

A privacy-preserving, verifiable and efficient algorithm for matrix multiplication in the outsourcing paradigm, illustrated by the following scenario: the client has a large data set and needs to perform matrix multiplication, but is unable to do so due to a lack of computing resources.

A Review of Botnet Detection Approaches Based on DNS Traffic Analysis

This review explores the various botnet detection techniques by providing a study of detection approaches based on DNS traffic analysis; some related topics, including the technological background, life cycle, evasion, and detection techniques of botnets, are also introduced.

Code Pointer Masking: Hardening Applications against Code Injection Attacks

This paper presents an efficient countermeasure against code injection attacks that protects against attacks that are not addressed by state-of-the-art countermeasures of similar performance by enforcing the correct semantics of code pointers.

Extended Protection against Stack Smashing Attacks without Performance Loss

This paper presents an efficient countermeasure against stack smashing attacks that does not rely on secret values and protects against attacks that are not addressed by state-of-the-art countermeasures.

Runtime countermeasures for code injection attacks against C and C++ programs

This work provides a comprehensive and structured survey of vulnerabilities and of the countermeasures that operate at runtime; these countermeasures make different trade-offs in terms of performance, effectiveness, compatibility, etc., which makes it hard to evaluate and compare them in a given context.

Countering code-injection attacks with instruction-set randomization

A new, general approach for safeguarding systems against any type of code-injection attack, by creating process-specific randomized instruction sets of the system executing potentially vulnerable software that can serve as a low-overhead protection mechanism, and can easily complement other mechanisms.

ROPdefender: a detection tool to defend against return-oriented programming attacks

This paper presents a tool, ROPdefender, that dynamically detects conventional ROP attacks (that are based on return instructions) and can be immediately deployed by end-users, since it does not rely on side information which is rarely provided in practice.

Randomized instruction set emulation to disrupt binary code injection attacks

A randomized instruction set emulator (RISE), based on the open-source Valgrind x86-to-x86 binary translator, which disrupts binary code injection attacks against a program without requiring its recompilation, linking, or access to source code.

PointGuard™: Protecting Pointers from Buffer Overflow Vulnerabilities

The PointGuard implementation is described, its overhead is shown to be low when protecting real security-sensitive applications such as OpenSSL, and it is shown that PointGuard is effective in defending against buffer overflow vulnerabilities that are not blocked by previous defenses.

Breaking the memory secrecy assumption

This paper identifies a new class of vulnerabilities -- buffer overreads -- that occur in practice and that can be exploited to read parts of the memory contents of a process running a vulnerable application.

Transparent runtime randomization for security

  • Jun Xu, Z. Kalbarczyk, R. Iyer
  • Computer Science
    22nd International Symposium on Reliable Distributed Systems, 2003. Proceedings.
  • 2003
A large class of security attacks exploit software implementation vulnerabilities such as unchecked buffers. This paper proposes transparent runtime randomization (TRR), a generalized approach for

StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks

  • C. Cowan
  • Computer Science
    USENIX Security Symposium
  • 1998
StackGuard is described: a simple compiler technique that virtually eliminates buffer overflow vulnerabilities with only modest performance penalties, and a set of variations on the technique that trade-off between penetration resistance and performance.