Detection, exploitation and mitigation of memory errors-Reference-Cited by-同舟云学术

Detection, exploitation and mitigation of memory errors

Published:2024-03-16 Issue:2 Volume:32 Page:281-292
ISSN:1367-0751
Container-title:Logic Journal of the IGPL
language:en
Short-container-title:

Author:

Llorente-Vazquez Oscar¹,Santos-Grueiro Igor²,Pastor-Lopez Iker³,Garcia Bringas Pablo⁴

Affiliation:

1. Faculty of Engineering, University of Deusto , 48007 Bilbao, Spain, ollorente@opendeusto.es

2. Faculty of Engineering, Mondragon Unibertsitatea , 20500 Arrasate-Mondragon, Spain; HP Labs, BS34 8QZ Bristol, UK, isantos@mondragon.edu ; igor.santos.grueiro@hp.com

3. Faculty of Engineering, University of Deusto , 48007 Bilbao, Spain, iker.pastor@deusto.es

4. Faculty of Engineering, University of Deusto , 48007 Bilbao, Spain, pablo.garcia.bringas@deusto.es

Abstract

Abstract Software vulnerabilities are the root cause for a multitude of security problems in computer systems. Owing to their efficiency and tight control over low-level system resources, the C and C++ programming languages are extensively used for a myriad of purposes, from implementing operating system kernels to user-space applications. However, insufficient or improper memory management frequently leads to invalid memory accesses, eventually resulting in memory corruption vulnerabilities. These vulnerabilities are used as a foothold for elaborated attacks that bypass existing defense methods. In this paper, we summarise the main memory safety violation types (i.e. memory errors), and analyse how they are exploited by attackers and the main mitigation methods proposed in the research community. We further systematise the most relevant techniques with regards to memory corruption identification in current programs.

Publisher

Oxford University Press (OUP)

Link

https://academic.oup.com/jigpal/article-pdf/32/2/281/58499052/jzae008.pdf

Reference58 articles.

1. Baggy bounds checking: an efficient and backwards-compatible defense against out-of-bounds errors;Akritidis;USENIX Security Symposium,2009

2. A survey of symbolic execution techniques;Baldoni;ACM Computing Surveys (CSUR),2018

3. Jump-oriented programming: a new class of code-reuse attack;Bletsch;ACM Symposium on Information, Computer and Communications Security,2011

4. Practical memory checking with dr. memory;Bruening;International Symposium on Code Generation and Optimization (CGO),2011

5. Control-flow integrity: precision, security, and performance;Burow;ACM Computing Surveys (CSUR),2017