The most popular avenue exploited by malicious software authors for the past dozen years has been to pervert normal program execution by corrupting control data such as return addresses and function pointers. Many defenses that mitigate such attacks have been developed, and safeguards against them now ship with popular commodity operating systems. Because of the success of those defenses, attackers will shift to other avenues. Attacks against security-sensitive non-control data (user identities, permission flags, configuration values, and similar state that is never used as a branch target), which have already been demonstrated against several applications, are expected to become more widespread.
This project develops and evaluates a defense against memory-corrupting non-control data attacks. The defense combines commonly available hardware and operating system support with program transformations and inference techniques to automatically protect security-critical program data from corruption. The research is developing techniques that minimize the window of opportunity during which critical data can be compromised: critical data is stored in dedicated memory pages that the operating system keeps read-only through the hardware page-protection mechanism, and that are made writable only for the duration of a legitimate update. This project develops inference algorithms for identifying security-critical data and program transformations that place such data in the protected storage and control access to it.
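The following is an added illustration of the protection mechanism described above, written for this page; it is not code from the project or from any prototype the abstract refers to. It assumes a hypothetical server that keeps two pieces of non-control data, an effective user id and an "authenticated" flag, on its own page-aligned mapping. The page is read-only except inside the sanctioned update routine, and a simulated arbitrary write by an attacker (the kind of corruption the abstract is concerned with) faults instead of silently flipping the flag. The SIGSEGV handler and siglongjmp recovery exist only so the outcome can be reported; a real server would simply crash. Names such as crit_init and simulate_corruption are this example's own, not the project's.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical security-critical non-control data of a server: the
 * privilege it runs with and whether the current client has logged in.
 * Neither is a return address or a function pointer, so control-flow
 * defenses do nothing to protect them. */
struct critical_data {
    int effective_uid;
    int authenticated;
};

static struct critical_data *g_crit;   /* lives alone on a page-aligned mapping */
static size_t g_pagesz;

/* Allocate a dedicated page for the critical data and make it read-only. */
int crit_init(void)
{
    g_pagesz = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, g_pagesz, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    memset(p, 0, g_pagesz);
    g_crit = p;
    g_crit->effective_uid = 1000;     /* constructed sample values */
    g_crit->authenticated = 0;
    return mprotect(p, g_pagesz, PROT_READ);
}

int crit_get_authenticated(void) { return g_crit->authenticated; }

/* The sanctioned write path: open the write window, store, close it.
 * The span between the two mprotect calls is the residual exposure that
 * the program transformation is meant to keep as short as possible. */
int crit_set_authenticated(int value)
{
    if (mprotect(g_crit, g_pagesz, PROT_READ | PROT_WRITE) != 0)
        return -1;
    g_crit->authenticated = value;
    return mprotect(g_crit, g_pagesz, PROT_READ);
}

/* Simulated memory corruption: an attacker holding an arbitrary-write
 * primitive tries to set the flag directly, outside the write window.
 * The fault is caught only so the function can report whether the
 * write was blocked. */
static sigjmp_buf g_recover;
static volatile sig_atomic_t g_faulted;

static void on_segv(int sig)
{
    (void)sig;
    g_faulted = 1;
    siglongjmp(g_recover, 1);   /* restores the signal mask saved by sigsetjmp */
}

int simulate_corruption(void)
{
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, &old) != 0)
        return -1;

    g_faulted = 0;
    volatile int *target = &g_crit->authenticated;   /* attacker-chosen address */
    if (sigsetjmp(g_recover, 1) == 0)
        *target = 1;                                 /* faults: page is PROT_READ */

    sigaction(SIGSEGV, &old, NULL);
    return g_faulted;   /* 1 = write blocked by the page protection */
}

int main(void)
{
    if (crit_init() != 0) { perror("crit_init"); return 1; }
    crit_set_authenticated(1);
    printf("after sanctioned write: authenticated=%d\n", crit_get_authenticated());
    crit_set_authenticated(0);
    printf("corrupting write blocked=%d, authenticated=%d\n",
           simulate_corruption(), crit_get_authenticated());
    return 0;
}
```

Two caveats a practitioner should keep in mind. First, page protection is all-or-nothing for the whole page, which is why the critical data gets a mapping of its own rather than sharing a page with ordinary heap or global variables; deciding what belongs there is the job of the inference step the abstract mentions. Second, the protection only holds while the page is read-only: a corrupting write that lands inside the update window, or from another thread while the window is open, still succeeds, so the value of the transformation depends on keeping that window minimal.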
This defense offers low run-time overhead and a high assurance of protection regardless of the means an attacker uses to corrupt memory, because it guards the data itself rather than any particular corruption vector. The project is evaluated through formal proofs of soundness, tests against real and constructed vulnerabilities and attacks, and measurements of both the effectiveness of the inference and the run-time cost of the transformations in a prototype implementation applied to popular server software.