Files in this item



application/pdfyuan_flore.pdf (2MB)
(no description provided)PDF


Title:Formal framework and tools to derive efficient application-level detectors against memory corruption attacks
Author(s):Yuan, Flore Q.
Advisor(s):Iyer, Ravishankar K.
Department / Program:Electrical & Computer Eng
Discipline:Electrical & Computer Engr
Degree Granting Institution:University of Illinois at Urbana-Champaign
Subject(s):Formal verification
memory corruption
application specific detectors
Abstract:Memory corruptions are a major part of security attacks observed nowadays. Many protection mechanisms have been proposed to fight against them. These techniques can be broadly classified into two categories: those that focus on preventing vulnerabilities from being exploited (canary value, libsafe) and those that focus on preventing important data (e.g. return address, critical variable) from being overwritten by attackers (IFS, taintedness tracking, WIT, random memory layout). As the range of vulnerabilities increases, we believe that protecting all vulnerabilities with specific techniques begins to be unrealistic. That is why we want to focus on the second category. This thesis proposes to use an existing formal tool, SymPLAID, to find the minimum set of critical memory locations one needs to protect. The analysis results are also used to derive selective detectors which are guaranteed to detect a given attack model. We demonstrate the methodology by deriving application specific detectors which are guaranteed to detect all attacks where the attacker's goal is to corrupt the application's end result by modifying one memory location. Very few, well placed detectors are needed to get a 100% coverage for the given attack model.
Issue Date:2010-06-22
Rights Information:Copyright 2010 Flore Q. Yuan
Date Available in IDEALS:2010-06-22
Date Deposited:May 2010

This item appears in the following Collection(s)

Item Statistics