The chapter introduces and describes representative defense mechanisms to protect from both basic and advanced exploitation of low-level coding vulnerabilities. Exploitation of low-level coding vulnerabilities has evolved from a basic stack-based buffer overflow with code injection to highly sophisticated attack techniques. In addition, pure-data attacks were demonstrated to be as efficient as control-data attacks and quite realistic. On the other hand research on assessment of the robustness of proposed mitigation techniques revealed various weaknesses in them leading to design and implementation of evasion techniques. Most of the defensive techniques protect only from a limited set of attack techniques, thus a defense employment requires multiple complementary mitigation techniques. Furthermore, there are few mitigation techniques designed to counter pure-data attacks. In response to these limitations, current research proposes better defensive mechanisms such as pointer taintedness detection and attack data burning capable of countering any kind of control-data or pure-data attack.
What Are Low-Level Coding Vulnerabilities And How Are They Exploited?
These vulnerabilities may be defined as programming errors which open the way to an attacker to corrupt the memory of a program. Exploitation of such vulnerabilities generally takes the form of control-data or pure-data attacks. Control-data attacks corrupt memory management data for the purpose of transferring control to binary code inserted into the address space of a target process, or to existing arbitrary instructions which usually are forced to take attacker supplied data as arguments. Pure-data attacks (Chen, Xu, Sezer, Gauriar, & Iyer, 2005a; Pincus, & Baker, 2004) are built upon corruption of noncontrol data (i.e., computational data usually held by global or local variables in a program, such as, for example, user identification data, configuration data, decision making data, file descriptors, RPC procedure numbers, and so on).
An array overflow is a programming error which occurs when no range checks are performed on a value which is used to index an array. The danger rises when such a value may be directly or indirectly affected by an attacker, and the array is filled with user-supplied data.
Key Terms in this Chapter
Canary: A word placed on the boundary of a buffer in order to detect sequential overwrites of that buffer. Detection is performed by checking the integrity of a canary.
Control-Data Attack: Exploitation of a vulnerability built upon corruption of data which are used by a target process for memory management purposes.
Pointer: A data type whose value is the address of the memory location where another value is stored.
Run-Time Vulnerability Mitigation: A defensive technique which intervenes in the execution of a process to be protected while the latter is running.
Stream Cipher: Symmetric cryptography whose encryption and decryption operations typically consist in XOR’ing a secret key with plain text bits and cipher text bits, respectively.
Memory Overflow: The phenomenon of writing beyond the boundaries of a destination buffer in memory.
Pure-Data Attack: Exploitation of a vulnerability built upon corruption of computational data of a target process.
Tainted Pointer: A pointer whose value originates from input data.
Low-Level Coding Vulnerability: A programming language weakness which, when combined with a programming error, could enable an attacker to corrupt the memory of a given process and consequently violate the security of a computer system.
Injection: Insertion of attack data into the address space of a target process. Generally, the attack data are machine executable code or parameters to be passed to program functions.