Introduction
While memory safety is at the heart of preventing attacks that exploit undefined behavior, it is not the only approach to thwarting such attacks. Information flow tracking, randomization, and stack canaries have also been used to detect attacks that exploit undefined behavior in C programs. It is useful to be aware of these techniques and to understand the tradeoffs between full memory safety and these alternatives.
Below are papers on various topics related to attack detection and prevention.
Information Flow Papers
- Real-World Buffer Overflow Protection for Userspace & Kernelspace
  Michael Dalton, Hari Kannan, and Christos Kozyrakis
  Proceedings of the Seventeenth Usenix Security Symposium, August 2008.
- Defeating Memory Corruption Attacks via Pointer Taintedness Detection
  Shuo Chen, Jun Xu, Nithin Nakka, Zbigniew Kalbarczyk, and Ravishankar K. Iyer
  Proceedings of the 2005 International Conference on Dependable Systems and Networks (DSN 2005), June 2005.
- Dynamic Taint Analysis: Automatic Detection, Analysis, and Signature Generation of Exploit Attacks on Commodity Software
  James Newsome and Dawn Song
  Proceedings of the Network and Distributed Systems Security Symposium (NDSS 2005), February 2005.
Randomization and Probabilistic Safety Papers
- Data Randomization
  Cristian Cadar, Periklis Akritidis, Manuel Costa, Jean-Philippe Martin, and Miguel Castro
  MSR-TR-2008-120, September 2008.
- Data Space Randomization
  Sandeep Bhatkar and R. Sekar
  Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2008), July 2008.
- Archipelago: Trading Address Space for Reliability and Security
  Vitaliy B. Lvin, Gene Novark, Emery D. Berger, and Benjamin G. Zorn
  Proceedings of the Thirteenth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS '08), Seattle, WA, March 2008.
- DieHard: Probabilistic Memory Safety for Unsafe Languages
  Emery D. Berger and Benjamin G. Zorn
  Proceedings of the 2006 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2006), Ottawa, Canada, June 2006.
- PointGuard™: Protecting Pointers From Buffer Overflow Vulnerabilities
  Crispin Cowan, Steve Beattie, John Johansen, and Perry Wagle
  Proceedings of the Twelfth Usenix Security Symposium, Washington, D.C., August 2003.
- Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits
  Sandeep Bhatkar, Daniel DuVarney, and R. Sekar
  Proceedings of the Twelfth Usenix Security Symposium, Washington, D.C., August 2003.
- StackGuard: Automatic Adaptive Detection and Prevention of Buffer-overflow Attacks
  Crispin Cowan, Calton Pu, Dave Maier, Heather Hintony, Jonathan Walpole, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, and Qian Zhang
  Proceedings of the Seventh Usenix Security Symposium, San Antonio, Texas, January 1998.
Control Flow Integrity Papers
- KCoFI: Complete Control-Flow Integrity for Commodity Operating System Kernels
  John Criswell, Nathan Dautenhahn, and Vikram Adve
  Proceedings of the Thirty-Fifth IEEE Symposium on Security and Privacy (Oakland 2014), San Jose, CA, May 2014.
- Control Flow Integrity for COTS Binaries
  Mingwei Zhang and R. Sekar
  Proceedings of the Twenty-Second Usenix Security Symposium, Washington, D.C., August 2013.
- Practical Control Flow Integrity and Randomization for Binary Executables
  Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Laszlo Szekeres, Stephen McCamant, Dawn Song, and Wei Zou
  Proceedings of the Thirty-Fourth IEEE Symposium on Security and Privacy (Oakland 2013), San Francisco, CA, May 2013.
- Combining Control-Flow Integrity and Static Analysis for Efficient and Validated Data Sandboxing
  Bin Zeng, Gang Tan, and Greg Morrisett
  Proceedings of the Eighteenth ACM Conference on Computer and Communications Security (CCS 2011), Chicago, IL, October 2011.
- HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity
  Zhi Wang and Xuxian Jiang
  Proceedings of the Thirty-First IEEE Symposium on Security and Privacy, Oakland, CA, May 2010.
- Control-Flow Integrity Principles, Implementations, and Applications
  Martín Abadi, Mihai Budiu, Úlfar Erlingsson, and Jay Ligatti
  ACM Transactions on Information and System Security (TISSEC 2009), October 2009.
Miscellaneous Papers
- Defeating Return-Oriented Rootkits with "Return-Less" Kernels
  Jinku Li, Zhi Wang, Xuxian Jiang, Michael Grace, and Sina Bahram
  Proceedings of the Fifth European Conference on Computer Systems (EuroSys 2010), Paris, France, April 2010.