The Continuing Arms Race: Code-Reuse Attacks and Defenses
Abstract
Almost three decades ago, the Morris Worm infected thousands of UNIX workstations by, among other things, exploiting a buffer-overflow error in the fingerd daemon [Spafford1989]. Buffer overflows are just one example of a larger class of memory (corruption) errors [Szekeres et al. 2013; van der Veen et al. 2012]. The root of the issue is that systems programming languages, C and its derivatives, expect programmers to access memory correctly and eschew runtime safety checks to maximize performance. There are three possible ways to address the security issues associated with memory corruption. One is to migrate away from these legacy languages, which were designed four decades ago, long before computers were networked and thus exposed to remote adversaries. Another is to retrofit the legacy code with runtime safety checks. This is a great option whenever the often substantial cost of runtime checking is acceptable. In cases where legacy code must run at approximately the same speed, however, we must fall back to targeted mitigations which, unlike the other remedies, do not prevent memory corruption. Instead, mitigations make it harder, i.e., more labor-intensive, to turn errors into exploits.
Document Details
- Document Type: Technical Report
- Publication Date: Feb 23, 2018
- Accession Number: AD1084807
Entities
People
- Andrei Homescu
- Hamed Okhravi
- Michael Franz
- Per Larsen
- Stephen Crane
Organizations
- MIT Lincoln Laboratory