Memory Errors: The Past, the Present, and the Future

@inproceedings{Veen2012MemoryET,
  title={Memory Errors: The Past, the Present, and the Future},
  author={Victor van der Veen and Nitish dutt-Sharma and Lorenzo Cavallaro and Herbert Bos},
  booktitle={RAID},
  year={2012}
}
Memory error exploitations have been around for over 25 years and still rank among the top 3 most dangerous software errors. Why haven't we been able to stop them? Given the host of security measures on modern machines, are we less vulnerable than before, and can we expect to eradicate memory error problems in the near future? In this paper, we present a quarter century worth of memory errors: attacks, defenses, and statistics. A historical overview provides insights into past trends and…
Citations

Saturation Memory Access: Mitigating Memory Spatial Errors without Terminating Programs.
A prototype of SMA, a spatial memory error mitigation mechanism that prevents out-of-bounds accesses without terminating the program, is implemented in a compiler; the results show that the instrumented programs keep executing through buffer overflow attacks.

Defeating Memory Error Exploits by Program Diversification and Process Replication
A prototype monitor program is presented which uses Linux's debugging functionality to trace the diversified processes in user mode, and it is demonstrated that such an approach can deterministically prevent the exploitation of memory errors.

Research on Classification of Memory Attack
Exploits of memory vulnerabilities have existed for two or three decades; how to prevent memory attacks has always been an important problem. Vulnerability patches can't resolve the problem fundamentally, we…

SoK: Eternal War in Memory
Current knowledge about protection techniques is systematized by setting up a general model for memory corruption attacks and showing which policies stop which attacks, in order to analyze why protection mechanisms implementing stricter policies are not deployed.

MEMLOCK: Memory Usage Guided Fuzzing
This work proposes a memory usage guided fuzzing technique, named MemLock, to generate inputs that cause excessive memory consumption and trigger uncontrolled memory consumption bugs; results show that MemLock substantially outperforms state-of-the-art fuzzers, including AFL, AFLfast, PerfFuzz, FairFuzz, Angora and QSYM, in discovering memory consumption bugs.

Diversity and information leaks
It is stressed that the best way to mitigate memory corruption vulnerabilities is to deploy multiple different mitigation techniques rather than relying on any single defense.

Preventing zero-day exploits of memory vulnerabilities with guard lines
Guard Lines is described: a hardware/software memory error detector that detects common types of spatial and temporal memory errors at runtime without imposing a significant performance penalty (on average only 4%).

Security through emulation-based processor diversification
This paper proposes a novel strategy to thwart memory error exploitation by dynamically changing, upon crash detection, the variant executing the networking server.

Sulong: Memory Safe and Efficient Execution of LLVM-Based Languages
Memory errors in C/C++ can allow an attacker to read sensitive data, corrupt memory, or crash the executing process. The renowned top 25 of most dangerous software errors as published by the SANS…

DynaGuard: Armoring Canary-based Protections against Brute-force Attacks
DynaGuard is presented, an extension to canary-based protections that further armors hardened applications against brute-force canary attacks; the proposed design overcomes the limitations of previous proposals, ensuring application correctness and seamless integration with third-party software.

References

Showing 1-10 of 257 references
Efficient Techniques for Comprehensive Protection from Memory Error Exploits
The authors argue that this approach provides probabilistic protection against all memory error exploits, whether known or novel; it is implemented as a fully automatic source-to-source transformation which is compatible with legacy C code.

Minemu: The World's Fastest Taint Tracker
This paper designs a new type of emulator from scratch with the goal of removing superfluous instructions used to propagate taint, and the results are very promising.

Diversified Process Replicæ for Defeating Memory Error Exploits
This work defines pr as the replica of a process p which behaves identically to p but has some "structural" diversity from it, thus defeating absolute and partial overwriting memory error exploits and making it possible to detect memory corruption attacks in a deterministic way.

Preventing Memory Error Exploits with WIT
This work presents write integrity testing (WIT), a new technique that provides practical protection from memory errors: it compiles C and C++ programs without modification, has high coverage with no false positives, and has low overhead.

StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks
  • C. Cowan
  • Computer Science
  • USENIX Security Symposium
  • 1998
StackGuard is described: a simple compiler technique that virtually eliminates buffer overflow vulnerabilities with only modest performance penalties, together with a set of variations on the technique that trade off penetration resistance against performance.

ILR: Where'd My Gadgets Go?
Instruction Location Randomization (ILR) randomizes the location of every instruction in a program, thwarting an attacker's ability to reuse program functionality (e.g., arc-injection attacks and return-oriented programming attacks).

Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits
This paper develops a systematic study of a particular kind of obfuscation, called address obfuscation, that randomizes the location of victim program data and code, and presents an implementation that transforms object files and executables at link time and load time.

Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization
This paper proposes the first design for fine-grained address space randomization (ASR) inside the operating system (OS), providing an efficient and comprehensive countermeasure against classic and emerging attacks such as return-oriented programming.

Surgically Returning to Randomized lib(c)
It is concluded that position independent executables (PIE) are essential to complement ASLR and to prevent the attack presented in this paper, which can surgically exploit the majority of programs vulnerable to stack-based buffer overflows.

Cling: A Memory Allocator to Mitigate Dangling Pointers
Cling is presented, a memory allocator designed to thwart use-after-free vulnerabilities, notably including those hijacking the C++ virtual function dispatch mechanism, with low CPU and physical memory overhead even for allocation-intensive applications.
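The StackGuard entry above describes the canary: a guard word placed between a function's local buffers and its saved return address and checked before the function returns, so that a linear stack overflow corrupts the guard before it can reach the return address. The DynaGuard entry in the citations describes the known weakness of that scheme in forking servers: every child inherits the parent's canary, so an attacker who can tell a surviving connection from a crashed one can recover the canary one byte at a time. The C program below is an added illustration written for this page, not code from either paper: it models a forking server as a struct, a stack frame as a byte array laid out as buffer, canary, saved return address, and an entropy source as a xorshift generator (all three are constructed assumptions, as are the names `server_t`, `handle_request`, `brute_force_canary` and `overflow_past_canary`). It runs the byte-at-a-time attack against a server whose children share one canary, then against one that draws a fresh canary per child, which is the property DynaGuard adds.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN    16                         /* the overflowable stack buffer */
#define CANARY_LEN 8                          /* one machine word of guard */
#define FRAME_LEN  (BUF_LEN + CANARY_LEN + 8) /* buffer | canary | saved return address */

/* Constructed model of a forking server (not StackGuard's or DynaGuard's code).
 * Each request is served by a child that inherits the parent's canary; with
 * renew_on_fork set, the child draws a fresh one instead. xorshift stands in
 * for a real entropy source. */
typedef struct {
    uint64_t canary;
    uint64_t rng;
    int renew_on_fork;
    unsigned long attempts;   /* requests served, i.e. children forked */
} server_t;

static uint64_t xorshift64(uint64_t *s) {
    uint64_t x = *s;
    x ^= x << 13;
    x ^= x >> 7;
    x ^= x << 17;
    return *s = x;
}

void server_init(server_t *s, uint64_t seed, int renew_on_fork) {
    s->rng = seed ? seed : 0x9E3779B97F4A7C15ULL;
    s->canary = xorshift64(&s->rng);
    s->renew_on_fork = renew_on_fork;
    s->attempts = 0;
}

/* One request in a freshly forked child: copy len bytes of attacker input into a
 * 16-byte buffer with no bounds check (the bug), then run the StackGuard-style
 * epilogue check. Returns 1 if the guard word is intact (child carries on) and 0
 * if it changed (child aborts, which the attacker sees as a dropped connection). */
int handle_request(server_t *s, const uint8_t *input, size_t len) {
    uint8_t frame[FRAME_LEN];
    uint64_t canary;

    if (s->renew_on_fork)
        s->canary = xorshift64(&s->rng);
    canary = s->canary;
    s->attempts++;

    memset(frame, 0, sizeof frame);
    memcpy(frame + BUF_LEN, &canary, CANARY_LEN);   /* prologue: place the guard word */
    if (len > FRAME_LEN)
        len = FRAME_LEN;                            /* keep the model itself in bounds */
    memcpy(frame, input, len);                      /* the overflow: len > 16 reaches the guard */
    return memcmp(frame + BUF_LEN, &canary, CANARY_LEN) == 0;   /* epilogue: compare */
}

/* Byte-at-a-time brute force. Probe i overflows exactly i+1 bytes past the buffer;
 * the connection survives only if the guessed byte equals canary byte i. Returns
 * the number of bytes recovered (CANARY_LEN on success) and writes them to *out. */
int brute_force_canary(server_t *s, uint64_t *out) {
    uint8_t probe[BUF_LEN + CANARY_LEN];
    memset(probe, 'A', BUF_LEN);
    for (int i = 0; i < CANARY_LEN; i++) {
        int found = 0;
        for (int v = 0; v < 256; v++) {
            probe[BUF_LEN + i] = (uint8_t)v;
            if (handle_request(s, probe, BUF_LEN + i + 1)) {
                found = 1;
                break;
            }
        }
        if (!found)
            return i;   /* no guess survived: the crash oracle tells us nothing */
    }
    memcpy(out, probe + BUF_LEN, CANARY_LEN);
    return CANARY_LEN;
}

/* With the canary known, an overflow can rewrite the saved return address and
 * still pass the epilogue check. Returns handle_request's verdict. */
int overflow_past_canary(server_t *s, uint64_t canary, uint64_t fake_ret) {
    uint8_t payload[FRAME_LEN];
    memset(payload, 'A', BUF_LEN);
    memcpy(payload + BUF_LEN, &canary, CANARY_LEN);
    memcpy(payload + BUF_LEN + CANARY_LEN, &fake_ret, 8);
    return handle_request(s, payload, sizeof payload);
}

int main(void) {
    server_t shared, renewing;
    uint64_t recovered = 0;
    int got;

    server_init(&shared, 12345, 0);
    got = brute_force_canary(&shared, &recovered);
    printf("shared canary: %d/8 bytes in %lu forks, bypass %s\n", got, shared.attempts,
           overflow_past_canary(&shared, recovered, 0x4141414141414141ULL) ? "passed" : "caught");

    server_init(&renewing, 12345, 1);
    got = brute_force_canary(&renewing, &recovered);
    printf("fresh canary per fork: %d/8 bytes, bypass %s\n", got,
           overflow_past_canary(&renewing, renewing.canary, 0x4141414141414141ULL) ? "passed" : "caught");
    return 0;
}
```

Against the shared-canary server the attack needs at most 256 forks per byte, 2048 in total instead of 2^64 guesses, and once the canary is known an overflow that rewrites the saved return address passes the check. Against the server that renews the canary per child, a surviving probe at position i says nothing about the canary the next child will hold, so the byte-at-a-time loop stalls and the final overflow is caught.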