| Paper Abstract and Keywords |
| Presentation |
2012-07-19 15:25
Detecting Invalid Control Flow with Pseudo-Dispersion of Program Code Eitaro Shioji, Yuhei Kawakoya, Makoto Iwamura, Takeo Hariu (NTT) ISEC2012-24 SITE2012-20 ICSS2012-26 EMM2012-16 |
| Abstract |
(in Japanese) |
(See Japanese page) |
| (in English) |
Attacks that modify the control flow of a running program by corrupting memory address pointers have been a major threat for many years. Majority of existing countermeasures were not successful at being widely adopted possibly due to their strict restrictions on targeted software such as requiring recompilation from source code, or causing integrity problems due to program modification. In this paper, we propose a novel defensive scheme based on the idea of embedding the checksum value of a memory address in the address itself. It hinders designation of an address used in code-reuse attacks by giving the attacker an illusion of program code being shredded into pieces at byte granularity and dispersed randomly over memory space. We present and discuss the design and implementation issues of an attack detection system based on this scheme. |
| Keyword |
(in Japanese) |
(See Japanese page) |
| (in English) |
code-reuse attack / control-flow hijacking / address space layout randomization / software diversification / / / / |
| Reference Info. |
IEICE Tech. Rep., vol. 112, no. 128, ICSS2012-26, pp. 103-108, July 2012. |
| Paper # |
ICSS2012-26 |
| Date of Issue |
2012-07-12 (ISEC, SITE, ICSS, EMM) |
| ISSN |
Print edition: ISSN 0913-5685 Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
| Download PDF |
ISEC2012-24 SITE2012-20 ICSS2012-26 EMM2012-16 |
| Conference Information |
| Committee |
EMM ISEC SITE ICSS IPSJ-CSEC IPSJ-SPT |
| Conference Date |
2012-07-19 - 2012-07-20 |
| Place (in Japanese) |
(See Japanese page) |
| Place (in English) |
|
| Topics (in Japanese) |
(See Japanese page) |
| Topics (in English) |
Security |
| Paper Information |
| Registration To |
ICSS |
| Conference Code |
2012-07-EMM-ISEC-SITE-ICSS-CSEC-SPT |
| Language |
Japanese |
| Title (in Japanese) |
(See Japanese page) |
| Sub Title (in Japanese) |
(See Japanese page) |
| Title (in English) |
Detecting Invalid Control Flow with Pseudo-Dispersion of Program Code |
| Sub Title (in English) |
|
| Keyword(1) |
code-reuse attack |
| Keyword(2) |
control-flow hijacking |
| Keyword(3) |
address space layout randomization |
| Keyword(4) |
software diversification |
| Keyword(5) |
|
| Keyword(6) |
|
| Keyword(7) |
|
| Keyword(8) |
|
| 1st Author's Name |
Eitaro Shioji |
| 1st Author's Affiliation |
Nippon Telegraph and Telephone Corporation (NTT) |
| 2nd Author's Name |
Yuhei Kawakoya |
| 2nd Author's Affiliation |
Nippon Telegraph and Telephone Corporation (NTT) |
| 3rd Author's Name |
Makoto Iwamura |
| 3rd Author's Affiliation |
Nippon Telegraph and Telephone Corporation (NTT) |
| 4th Author's Name |
Takeo Hariu |
| 4th Author's Affiliation |
Nippon Telegraph and Telephone Corporation (NTT) |
| 5th Author's Name |
|
| 5th Author's Affiliation |
() |
| 6th Author's Name |
|
| 6th Author's Affiliation |
() |
| 7th Author's Name |
|
| 7th Author's Affiliation |
() |
| 8th Author's Name |
|
| 8th Author's Affiliation |
() |
| 9th Author's Name |
|
| 9th Author's Affiliation |
() |
| 10th Author's Name |
|
| 10th Author's Affiliation |
() |
| 11th Author's Name |
|
| 11th Author's Affiliation |
() |
| 12th Author's Name |
|
| 12th Author's Affiliation |
() |
| 13th Author's Name |
|
| 13th Author's Affiliation |
() |
| 14th Author's Name |
|
| 14th Author's Affiliation |
() |
| 15th Author's Name |
|
| 15th Author's Affiliation |
() |
| 16th Author's Name |
|
| 16th Author's Affiliation |
() |
| 17th Author's Name |
|
| 17th Author's Affiliation |
() |
| 18th Author's Name |
|
| 18th Author's Affiliation |
() |
| 19th Author's Name |
|
| 19th Author's Affiliation |
() |
| 20th Author's Name |
|
| 20th Author's Affiliation |
() |
| 21st Author's Name |
|
| 21st Author's Affiliation |
() |
| 22nd Author's Name |
|
| 22nd Author's Affiliation |
() |
| 23rd Author's Name |
|
| 23rd Author's Affiliation |
() |
| 24th Author's Name |
|
| 24th Author's Affiliation |
() |
| 25th Author's Name |
|
| 25th Author's Affiliation |
() |
| 26th Author's Name |
/ / |
| 26th Author's Affiliation |
()
() |
| 27th Author's Name |
/ / |
| 27th Author's Affiliation |
()
() |
| 28th Author's Name |
/ / |
| 28th Author's Affiliation |
()
() |
| 29th Author's Name |
/ / |
| 29th Author's Affiliation |
()
() |
| 30th Author's Name |
/ / |
| 30th Author's Affiliation |
()
() |
| 31st Author's Name |
/ / |
| 31st Author's Affiliation |
()
() |
| 32nd Author's Name |
/ / |
| 32nd Author's Affiliation |
()
() |
| 33rd Author's Name |
/ / |
| 33rd Author's Affiliation |
()
() |
| 34th Author's Name |
/ / |
| 34th Author's Affiliation |
()
() |
| 35th Author's Name |
/ / |
| 35th Author's Affiliation |
()
() |
| 36th Author's Name |
/ / |
| 36th Author's Affiliation |
()
() |
| Speaker |
Author-1 |
| Date Time |
2012-07-19 15:25:00 |
| Presentation Time |
25 minutes |
| Registration for |
ICSS |
| Paper # |
ISEC2012-24, SITE2012-20, ICSS2012-26, EMM2012-16 |
| Volume (vol) |
vol.112 |
| Number (no) |
no.126(ISEC), no.127(SITE), no.128(ICSS), no.129(EMM) |
| Page |
pp.103-108 |
| #Pages |
6 |
| Date of Issue |
2012-07-12 (ISEC, SITE, ICSS, EMM) |