CPM: Masking Code Pointers to Prevent Code Injection Attacks

Q Engineering ACM Transactions on Information and System Security Pub Date : 2013-06-01 DOI:10.1145/2487222.2487223

Pieter Philippaerts, Yves Younan, Stijn Muylle, F. Piessens, Sven Lachmund, T. Walter

引用次数: 23

Abstract

Code Pointer Masking (CPM) is a novel countermeasure against code injection attacks on native code. By enforcing the correct semantics of code pointers, CPM thwarts attacks that modify code pointers to divert the application’s control flow. It does not rely on secret values such as stack canaries and protects against attacks that are not addressed by state-of-the-art countermeasures of similar performance. This article reports on two prototype implementations on very distinct processor architectures, showing that the idea behind CPM is portable. The evaluation also shows that the overhead of using our countermeasure is very small and the security benefits are substantial.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

CPM:屏蔽代码指针以防止代码注入攻击

代码指针掩蔽(CPM)是一种针对本地代码的代码注入攻击的新对策。通过强制代码指针的正确语义，CPM可以阻止修改代码指针以转移应用程序控制流的攻击。它不依赖于诸如堆栈金丝雀之类的秘密值，并且可以防止性能相似的最新对策无法解决的攻击。本文报告了在非常不同的处理器体系结构上的两个原型实现，展示了CPM背后的思想是可移植的。评估还表明，使用我们的对策的开销非常小，安全效益是可观的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

ACM Transactions on Information and System Security 工程技术-计算机：信息系统

CiteScore

4.50

自引率

0.00%

发文量

审稿时长

3.3 months

期刊介绍： ISSEC is a scholarly, scientific journal that publishes original research papers in all areas of information and system security, including technologies, systems, applications, and policies.

期刊最新文献

An Efficient User Verification System Using Angle-Based Mouse Movement Biometrics A New Framework for Privacy-Preserving Aggregation of Time-Series Data Behavioral Study of Users When Interacting with Active Honeytokens Model Checking Distributed Mandatory Access Control Policies Randomization-Based Intrusion Detection System for Advanced Metering Infrastructure*