Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
9-2012
Abstract
Inputs to many application and server programs contain rich and consistent structural information. The propagation of such input in program execution could serve as accurate and reliable signatures for detecting memory corruptions. In this paper, we propose a novel approach to detect memory corruptions at the binary level. The basic insight is that different parts of an input are usually processed in different ways, e.g., by different instructions. Identifying individual parts in an input and learning the pattern in which they are processed is an attractive approach to detect memory corruptions. We propose a fine-grained dynamic taint analysis system to detect different fields in an input and monitor the propagation of these fields, and show that deviations from the execution pattern learned signal a memory corruption. We implement a prototype of our system and demonstrate its success in detecting a number of memory corruption attacks in the wild. In addition, we evaluate the overhead of our system and discuss its advantages over existing approaches and limitations.
Keywords
memory corruption, dynamic taint analysis
Discipline
Information Security
Research Areas
Information Security and Trust
Publication
15th Information Security Conference (ISC 2012)
Identifier
10.1007/978-3-642-33383-5_10
Publisher
Springer Verlag
City or Country
Passau, Germany
Citation
ZHAO, Lei; GAO, Debin; and WANG, Lina.
Learning Fine-Grained Structured Input for Memory Corruption Detection. (2012). 15th Information Security Conference (ISC 2012).
Available at: https://ink.library.smu.edu.sg/sis_research/1702
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
http://dx.doi.org/10.1007/978-3-642-33383-5_10