Abstract

Memory errors are still a serious threat affecting millions of devices worldwide. Recently, bounty programs have reached a new record, paying up to USD 2.5 million for a single vulnerability in Android and up to USD 2 million for Apple's operating system. In almost all cases, memory errors are exploited in one or more stages to fully compromise those devices. In this paper, we review and discuss the importance of memory error vulnerabilities, and more specifically stack buffer overflows, to provide a full view of how memory errors are exploited. We identify the root causes that make those attacks possible on the modern x86-64 architecture in the presence of modern protection techniques. We have analyzed how unsafe library functions are prone to buffer overflows, revealing that although there are secure versions of those functions, they do not actually prevent buffer overflows from happening. Using secure functions does not result in software free from vulnerabilities, and it requires developers to be security-aware. To overcome this problem, we discuss the three main security protection techniques present in all modern operating systems: the non-eXecutable bit (NX), the Stack Smashing Protector (SSP) and Address Space Layout Randomization (ASLR). After discussing their effectiveness, we conclude that although they provide a strong level of protection against classical exploitation techniques, modern attacks can bypass them.
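
The abstract's point that the "secure" bounded variants of the GLIBC string functions only help when the developer supplies the right bound is illustrated below with an added example (not code from the paper): two common strncpy misuses next to a checked copy that rejects oversized input. The first helper only computes how far a source-bounded strncpy would write past the destination rather than performing the write; the 24-byte input and the 16-byte buffer are constructed for the demo.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Misuse 1: strncpy(dst, src, strlen(src)). The bound is derived from the
 * input itself, so the "secure" function protects nothing. This helper
 * only reports how many bytes such a call would write past dst instead of
 * doing the overflowing write. */
static size_t strncpy_src_bound_overflow(size_t dst_size, const char *src) {
    size_t n = strlen(src);
    return n > dst_size ? n - dst_size : 0;
}

/* Misuse 2: strncpy(dst, src, sizeof dst). The write stays in bounds, but
 * when strlen(src) >= dst_size no terminator is written, so a later
 * strlen/printf reads past the buffer. Returns whether dst is terminated. */
static bool strncpy_dst_bound_terminated(char *dst, size_t dst_size, const char *src) {
    strncpy(dst, src, dst_size);
    return memchr(dst, '\0', dst_size) != NULL;
}

/* Hardened copy: measure the input without scanning past dst_size bytes,
 * reject anything that does not fit together with its terminator, and
 * always leave dst a valid string. Returns 0 on success, -1 on rejection. */
static int checked_copy(char *dst, size_t dst_size, const char *src) {
    size_t len = 0;
    if (dst_size == 0) return -1;
    while (len < dst_size && src[len] != '\0') len++;
    if (len >= dst_size) { dst[0] = '\0'; return -1; }
    memcpy(dst, src, len + 1);            /* len + 1 <= dst_size, includes NUL */
    return 0;
}

int main(void) {
    char buf[16];
    const char *oversized = "AAAAAAAAAAAAAAAAAAAAAAAA";   /* constructed 24-byte input */
    printf("src-bounded strncpy would overflow by %zu bytes\n",
           strncpy_src_bound_overflow(sizeof buf, oversized));
    printf("dst-bounded strncpy left a terminator: %s\n",
           strncpy_dst_bound_terminated(buf, sizeof buf, oversized) ? "yes" : "no");
    printf("checked_copy accepted the oversized input: %s\n",
           checked_copy(buf, sizeof buf, oversized) == 0 ? "yes" : "no");
    return 0;
}
```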

Highlights

  • Every computing device, from the servers that comprise the infrastructure of the internet to electronic cars, to the internet-of-things devices that are increasingly making their way into people's homes, has digital memory. Vulnerabilities exploiting memory errors are still a major threat.

  • In a quantitative study [1], it was found that memory buffer errors account for 14% of all vulnerabilities reported to MITRE's Common Vulnerabilities and Exposures (CVE) database and the National Institute of Standards and Technology's National Vulnerability Database (NIST NVD) from 1988 to 2012.

  • Protector (SSP), which adds a canary/cookie/guard value in stack frames to mitigate against the overwriting of the frame return address; Address Space Layout Randomisation (ASLR), which randomises the virtual memory address layout of a process to thwart attacks that rely on known memory locations; and the Non-eXecutable bit (NX), which enables readable memory to be non-writable, meaning that any malicious code injected, for example into the stack as part of an attack payload, will not be executed by the CPU.

Summary

Introduction

Every computing device, from the servers that comprise the infrastructure of the internet to electronic cars, to the internet-of-things devices that are increasingly making their way into people's homes, has digital memory. Protector (SSP), which adds a canary/cookie/guard value in stack frames to mitigate against the overwriting of the frame return address; Address Space Layout Randomisation (ASLR), which randomises the virtual memory address layout of a process to thwart attacks that rely on known memory locations; and the Non-eXecutable bit (NX), which enables readable memory to be non-writable, meaning that any malicious code injected, for example into the stack as part of an attack payload, will not be executed by the CPU. Those protection techniques mitigate exploitation; they do not eliminate the vulnerabilities themselves but make exploitation harder.

Memory Errors
Techniques to Protect Memory Errors
Attackers Evolve and Innovate
Description of Memory Error Solutions
Background: x86-64 Architecture Overview
Endianness
Strings
Processor Registers
System V Calling Convention
Instruction Set
Stack Memory
Unsafe GLIBC Functions
Attack Approaches
Denial of Service
Code Injection
Return Orientated Programming
Memory Protection Techniques
Effectiveness Summary
Findings
Conclusions
