Security '03 Paper   
Address Obfuscation: an Efficient Approach to
Combat a Broad Range of Memory Error Exploits
Sandeep Bhatkar, Daniel C. DuVarney,
and R. Sekar
Department of Computer Science,
Stony Brook University, Stony Brook, NY 11794
{sbhatkar,dand,sekar}@cs.sunysb.edu
Abstract:
Attacks that exploit memory programming errors (such as buffer overflows)
are among today's most serious security threats. These attacks require an
attacker to have an in-depth understanding of the internal details of a
victim program, including the locations of critical data and/or code. Program obfuscation is a general technique for securing programs by
making it difficult for attackers to acquire such a detailed
understanding. This paper develops a systematic study of a particular kind
of obfuscation called address obfuscation that randomizes the
location of victim program data and code. We discuss different
implementation strategies to randomize the absolute locations of data and
code, as well as relative distances between data locations. We then
present our implementation that transforms object files and executables at
link-time and load-time. It requires no changes to the OS kernel or
compilers, and can be applied to individual applications without affecting
the rest of the system. It can be implemented with low runtime overheads.
Address obfuscation can reduce the probability of a successful attack to
as low as a small fraction of a percent for most memory-error-related
attacks. Moreover, the randomization ensures that an attack that succeeds
against one victim will likely not succeed against another victim, or even
for a second time against the same victim. Each failed attempt will
typically crash the victim program, thereby making it easy to detect
attack attempts. These aspects make it particularly effective against
large-scale attacks such as Code Red, since each infection attempt
requires significantly more resources, thereby slowing down the
propagation rate of such attacks.
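The two kinds of randomization named in the abstract, as an added sketch that is not the authors' link-time and load-time implementation: a toy bump allocator that shifts where its first object lands (absolute location) and inserts a random gap before every object (relative distance). The arena, its constants and the names `arena_init` and `arena_alloc` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ARENA_SIZE 65536u /* constructed sizes, not values from the paper */
#define ALIGN      16u    /* offsets stay multiples of this */
#define MAX_BASE   4096u  /* bound on the random shift of the first object */
#define MAX_GAP    256u   /* bound on the random gap before each object */

typedef struct {
    unsigned char mem[ARENA_SIZE];
    size_t   next;  /* offset of the first unused byte */
    uint64_t rng;   /* PRNG state */
} arena_t;

/* xorshift64 keeps the demo reproducible; real use needs the OS CSPRNG. */
static uint64_t rnd(uint64_t *s) {
    *s ^= *s << 13; *s ^= *s >> 7; *s ^= *s << 17;
    return *s;
}

/* Random multiple of ALIGN in [0, limit). */
static size_t rand_pad(uint64_t *s, size_t limit) {
    return (size_t)(rnd(s) % (limit / ALIGN)) * ALIGN;
}

/* Absolute location: a per-run random shift of where data starts. */
void arena_init(arena_t *a, uint64_t seed) {
    a->rng  = seed ? seed : 1;  /* xorshift state must be non-zero */
    a->next = rand_pad(&a->rng, MAX_BASE);
}

/* Relative distance: a random gap in front of every object. Returns the
   object's offset into a->mem, or (size_t)-1 if it does not fit. */
size_t arena_alloc(arena_t *a, size_t n) {
    size_t off = a->next + rand_pad(&a->rng, MAX_GAP);
    if (off > ARENA_SIZE || n > ARENA_SIZE - off) return (size_t)-1;
    a->next = off + ((n + ALIGN - 1) & ~(size_t)(ALIGN - 1));
    return off;
}

int main(void) {
    static arena_t a;
    for (unsigned seed = 1; seed <= 3; seed++) {
        arena_init(&a, seed);
        size_t buf = arena_alloc(&a, 64), tgt = arena_alloc(&a, 8);
        printf("seed %u: buf@%zu target@%zu\n", seed, buf, tgt);
    }
}
```

An overflow out of `buf` that assumes a fixed distance to `target` now has to guess both the base shift and the gap, and a wrong guess lands in padding or unrelated data instead of the intended object.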