DOI: 10.5555/2971808.2972036
Research article, free access

Software security: vulnerabilities and countermeasures for two attacker models

Published: 14 March 2016

Abstract

History has shown that attacks against network-connected software-based systems are common and dangerous. An important fraction of these attacks exploit implementation details of the software-based system. These attacks -- sometimes called low-level attacks -- rely on characteristics of the hardware, compiler, or operating system used to execute software programs to make those programs misbehave or to extract sensitive information from them. With the increased Internet connectivity of embedded devices, including industrial control systems, sensors, and consumer devices, there is a substantial risk that similar attacks will target these devices.
This tutorial paper explains the vulnerabilities, attacks, and countermeasures relevant to low-level software security. The paper discusses software security for two different attacker models: the classic model of an attacker that can only interact with the program by providing input and reading output, and the more recent and more challenging model of an attacker that controls part of the execution platform on which the software runs, for instance because the attacker has compromised the operating system or some of the libraries that the software under attack relies on.


Cited By

  • (2017) "Security in the internet of things," Proceedings of the Conference on Design, Automation & Test in Europe, 10.5555/3130379.3130543, pp. 674-679. Online publication date: 27 Mar 2017.


Published In

DATE '16: Proceedings of the 2016 Conference on Design, Automation & Test in Europe
March 2016, 1779 pages
ISBN: 9783981537062
General Chair: Luca Fanucci
Program Chair: Jürgen Teich

Sponsors

• IMEC
• Systematic Paris-Region Systems & ICT Cluster
• DREWAG
• AENEAS
• Technical University of Dresden
• CMP: Circuits Multi Projets
• PENTA
• CISCO
• OFFIS: Oldenburger Institut für Informatik
• Goethe University Frankfurt

Publisher

EDA Consortium, San Jose, CA, United States

