Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
SRDS
2003
IEEE
2003
IEEE
Transparent Runtime Randomization for Security
A large class of security attacks exploit software implementation vulnerabilities such as unchecked buffers. This paper proposes Transparent Runtime Randomization (TRR), a generalized approach for protecting against a wide range of security attacks. TRR dynamically and randomly relocates a program’s stack, heap, shared libraries, and parts of its runtime control data structures inside the application memory address space. Making a program’s memory layout different each time it runs foils the attacker’s assumptions about the memory layout of the vulnerable program and makes the determination of critical address values difficult if not impossible. TRR is implemented by changing the Linux dynamic program loader, hence it is transparent to applications. We demonstrate that TRR is effective in defeating real security attacks, including malloc-based heap overflow, integer overflow, and double-free attacks, for which effective prevention mechanisms are yet to emerge. Furthermore, TR...
Real-time TrafficRelated Content
| Added | 05 Jul 2010 |
| Updated | 05 Jul 2010 |
| Type | Conference |
| Year | 2003 |
| Where | SRDS |
| Authors | Jun Xu, Zbigniew Kalbarczyk, Ravishankar K. Iyer |
Comments (0)
Researcher Info
|
