Abstract
An important objective for low-level software security research is to develop techniques that make it harder to launch attacks that exploit implementation details of the system under attack. Baltopoulos and Gordon have summarized this as the principle of source-based reasoning for security: security properties of a software system should follow from review of the source code and its source-level semantics, and should not depend on details of the compiler or execution platform.
Whether the principle holds – or to what degree – for a particular system depends on the attacker model. If an attacker can only provide input to the program under attack, then the principle holds for any safe programming language. However, for more powerful attackers that can load new native machine code into the system, the principle of source-based reasoning typically breaks down completely.
In this paper we discuss state-of-the-art approaches for securing code written in C-like languages for both attacker models discussed above, and we highlight some very recent developments in low-level software security that hold the promise to restore source-based reasoning even against attackers that can provide arbitrary machine code to be run in the same process as the program under attack.
References
Abadi, M., Plotkin, G.D.: On protection by layout randomization. In: CSF, pp. 337–351. IEEE Computer Society (2010)
Agten, P., Strackx, R., Jacobs, B., Piessens, F.: Secure compilation to modern processors. In: CSF (2012)
Akritidis, P., Costa, M., Castro, M., Hand, S.: Baggy bounds checking: An efficient and backwards-compatible defense against out-of-bounds errors. In: Proceedings of the 18th USENIX Security Symposium, Montreal, QC (August 2009)
Azab, A., Ning, P., Zhang, X.: SICE: a hardware-level strongly isolated computing environment for x86 multi-core platforms. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 375–388. ACM (2011), http://www4.ncsu.edu/~amazab/SICE-CCS11.pdf
Baltopoulos, I.G., Gordon, A.D.: Secure compilation of a multi-tier web language. In: TLDI, pp. 27–38 (2009)
Barrantes, E.G., Ackley, D.H., Forrest, S., Palmer, T.S., Stefanović, D., Zovi, D.D.: Randomized instruction set emulation to disrupt binary code injection attacks. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, Washington, D.C, pp. 281–289 (October 2003)
Bhatkar, S., DuVarney, D.C., Sekar, R.: Address obfuscation: An efficient approach to combat a broad range of memory error exploits. In: Proceedings of the 12th USENIX Security Symposium, Washington, D.C, pp. 105–120 (August 2003)
Bhatkar, S., Sekar, R.: Data space randomization. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol. 5137, pp. 1–22. Springer, Heidelberg (2008)
Bulba, Kil3r: Bypassing Stackguard and Stackshield. Phrack 56 (2000)
Chew, M., Song, D.: Mitigating buffer overflows by operating system randomization. Tech. Rep. CMU-CS-02-197, Carnegie Mellon University (December 2002)
Cowan, C., Beattie, S., Johansen, J., Wagle, P.: PointGuard: protecting pointers from buffer overflow vulnerabilities. In: Proceedings of the 12th USENIX Security Symposium, Washington, D.C, pp. 91–104 (August 2003)
Cowan, C., Pu, C., Maier, D., Hinton, H., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q.: StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In: Proceedings of the 7th USENIX Security Symposium (1998)
El Defrawy, K., Francillon, A., Perito, D., Tsudik, G.: SMART: Secure and minimal architecture for (establishing a dynamic) root of trust. In: Proceedings of the Network & Distributed System Security Symposium (NDSS), San Diego, CA (2012), http://francillon.net/~aurel/papers/2012_SMART.pdf
Erlingsson, U., Younan, Y., Piessens, F.: Low-level software security by example. In: Handbook of Information and Communication Security. Springer (2010)
IBM: GCC extension for protecting applications from stack-smashing attacks, http://www.trl.ibm.com/projects/security/ssp/
Jagadeesan, R., Pitcher, C., Rathke, J., Riely, J.: Local memory via layout randomization. In: CSF, pp. 161–174. IEEE Computer Society (2011)
Jim, T., Morrisett, J.G., Grossman, D., Hicks, M.W., Cheney, J., Wang, Y.: Cyclone: A safe dialect of C. In: Proceedings of the General Track of the Annual Conference on USENIX Annual Technical Conference, ATEC 2002, pp. 275–288. USENIX Association, Berkeley (2002), http://dl.acm.org/citation.cfm?id=647057.713871
Jones, R.W.M., Kelly, P.H.J.: Backwards-compatible bounds checking for arrays and pointers in C programs. In: Proceedings of the 3rd International Workshop on Automatic Debugging, Linköping, Sweden, pp. 13–26 (1997)
Kc, G.S., Keromytis, A.D., Prevelakis, V.: Countering code-injection attacks with instruction-set randomization. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, Washington, D.C, pp. 272–280 (October 2003)
McCune, J.M., Li, Y., Qu, N., Zhou, Z., Datta, A., Gligor, V., Perrig, A.: TrustVisor: Efficient TCB reduction and attestation. In: Proceedings of the IEEE Symposium on Security and Privacy (May 2010), http://www.ece.cmu.edu/~jmmccune/papers/MLQZDGP2010.pdf
McCune, J.M., Parno, B., Perrig, A., Reiter, M.K., Isozaki, H.: Flicker: An execution infrastructure for TCB minimization. In: Proceedings of the ACM European Conference in Computer Systems (EuroSys), pp. 315–328. ACM (April 2008), http://www.ece.cmu.edu/~jmmccune/papers/mccune_parno_perrig_reiter_isozaki_eurosys08.pdf
Necula, G.C., Condit, J., Harren, M., McPeak, S., Weimer, W.: CCured: type-safe retrofitting of legacy software. ACM Trans. Program. Lang. Syst. 27(3), 477–526 (2005), http://doi.acm.org/10.1145/1065887.1065892
Pierce, B.C.: Types and Programming Languages. MIT Press (2002)
Robertson, W., Kruegel, C., Mutz, D., Valeur, F.: Run-time detection of heap-based overflows. In: Proceedings of the 17th Large Installation Systems Administrators Conference, pp. 51–60. USENIX Association (2003)
Roglia, G.F., Martignoni, L., Paleari, R., Bruschi, D.: Surgically returning to randomized lib(c). In: 25th Annual Computer Security Applications Conference (2009)
Shacham, H.: The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In: Proceedings of the 14th ACM Conference on Computer and Communications Security, Washington, D.C, pp. 552–561 (October 2007)
Shacham, H., Page, M., Pfaff, B., Goh, E.J., Modadugu, N., Boneh, D.: On the effectiveness of address-space randomization. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, Washington, D.C, pp. 298–307 (October 2004)
Singaravelu, L., Pu, C., Härtig, H., Helmuth, C.: Reducing TCB complexity for security-sensitive applications: three case studies. In: EuroSys 2006: Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006, pp. 161–174. ACM, New York (2006), http://www.cs.kuleuven.ac.be/conference/EuroSys2006/papers/p161-singaravelu.pdf
Strackx, R., Piessens, F., Preneel, B.: Efficient isolation of trusted subsystems in embedded systems. In: Jajodia, S., Zhou, J. (eds.) SecureComm 2010. LNICST, vol. 50, pp. 344–361. Springer, Heidelberg (2010)
Strackx, R., Younan, Y., Philippaerts, P., Piessens, F., Lachmund, S., Walter, T.: Breaking the memory secrecy assumption. In: EUROSEC, pp. 1–8 (2009)
Van Acker, S., Nikiforakis, N., Philippaerts, P., Younan, Y., Piessens, F.: ValueGuard: Protection of native applications against data-only buffer overflows. In: Jha, S., Mathuria, A. (eds.) ICISS 2010. LNCS, vol. 6503, pp. 156–170. Springer, Heidelberg (2010)
Wahbe, R., Lucco, S., Anderson, T.E., Graham, S.L.: Efficient software-based fault isolation. SIGOPS Oper. Syst. Rev. 27(5), 203–216 (1993), http://doi.acm.org/10.1145/173668.168635
Wojtczuk, R.: Defeating Solar Designer's non-executable stack patch. Posted on the Bugtraq mailing list (January 1998), http://www.securityfocus.com/archive/1/8470
Younan, Y., Joosen, W., Piessens, F.: Code injection in C and C++: A survey of vulnerabilities and countermeasures. Tech. Rep. CW386, Departement Computerwetenschappen, Katholieke Universiteit Leuven (2004)
Younan, Y., Joosen, W., Piessens, F.: Runtime countermeasures for code injection attacks against C and C++ programs. ACM Computing Surveys (to appear, 2012)
Younan, Y., Philippaerts, P., Cavallaro, L., Sekar, R., Piessens, F., Joosen, W.: PAriCheck: an efficient pointer arithmetic checker for C programs. In: ASIACCS, pp. 145–156. ACM (2010), http://dblp.uni-trier.de/db/conf/ccs/asiaccs2010.html#YounanPCSPJ10
Zeng, Q., Wu, D., Liu, P.: Cruiser: concurrent heap buffer overflow monitoring using lock-free data structures. In: Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2011, pp. 367–377. ACM, New York (2011), http://doi.acm.org/10.1145/1993498.1993541
© 2012 IFIP International Federation for Information Processing
Agten, P., Nikiforakis, N., Strackx, R., De Groef, W., Piessens, F. (2012). Recent Developments in Low-Level Software Security. In: Askoxylakis, I., Pöhls, H.C., Posegga, J. (eds) Information Security Theory and Practice. Security, Privacy and Trust in Computing Systems and Ambient Intelligent Ecosystems. WISTP 2012. Lecture Notes in Computer Science, vol 7322. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30955-7_1
DOI: https://doi.org/10.1007/978-3-642-30955-7_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30954-0
Online ISBN: 978-3-642-30955-7