Eternal war in memory

Laszlo Szekeres; Mathias Payer; Lenx Tao Wei; R. Sekar

doi:10.1109/MSP.2014.44

Eternal war in memory

Laszlo Szekeres
, Mathias Payer
, Lenx Tao Wei
, R. Sekar

Computer Science

Stony Brook University

Stony Brook University
University of California at Berkeley
FireEye, Inc.

Research output: Contribution to journal › Article › peer-review

30 Scopus citations

Abstract

Software written in low-level languages like C or C++ is prone to memory corruption bugs that allow attackers to access machines, extract information, and install malware. The war in memory is fought by researchers developing defense mechanisms and attackers finding new ways around these protections. Researchers have developed defense mechanisms protecting applications from different forms of attacks. People first need to understand the attack process in order to analyze and compare protection mechanisms. Most often, attackers exploit memory corruption to control program execution by diverting its control flow. Control-flow hijack attacks use memory errors to corrupt a code pointer. Memory Safety mitigates memory corruption by preventing both spatial and temporal errors. Type-safe languages enforce this policy by disallowing pointer arithmetic, checking object bounds at array accesses, and using automatic garbage collection instead of manual memory management.

Original language	English
Article number	6824529
Pages (from-to)	45-53
Number of pages	9
Journal	IEEE Security and Privacy
Volume	12
Issue number	3
DOIs	https://doi.org/10.1109/MSP.2014.44
State	Published - 2014

Access to Document

10.1109/MSP.2014.44

Cite this

@article{31c928ab1f9d4806b5de6f64c2b1b479,

title = "Eternal war in memory",

abstract = "Software written in low-level languages like C or C++ is prone to memory corruption bugs that allow attackers to access machines, extract information, and install malware. The war in memory is fought by researchers developing defense mechanisms and attackers finding new ways around these protections. Researchers have developed defense mechanisms protecting applications from different forms of attacks. People first need to understand the attack process in order to analyze and compare protection mechanisms. Most often, attackers exploit memory corruption to control program execution by diverting its control flow. Control-flow hijack attacks use memory errors to corrupt a code pointer. Memory Safety mitigates memory corruption by preventing both spatial and temporal errors. Type-safe languages enforce this policy by disallowing pointer arithmetic, checking object bounds at array accesses, and using automatic garbage collection instead of manual memory management.",

author = "Laszlo Szekeres and Mathias Payer and Wei, \{Lenx Tao\} and R. Sekar",

year = "2014",

doi = "10.1109/MSP.2014.44",

language = "English",

volume = "12",

pages = "45--53",

journal = "IEEE Security and Privacy",

issn = "1540-7993",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "3",

}

TY - JOUR

T1 - Eternal war in memory

AU - Szekeres, Laszlo

AU - Payer, Mathias

AU - Wei, Lenx Tao

AU - Sekar, R.

PY - 2014

Y1 - 2014

N2 - Software written in low-level languages like C or C++ is prone to memory corruption bugs that allow attackers to access machines, extract information, and install malware. The war in memory is fought by researchers developing defense mechanisms and attackers finding new ways around these protections. Researchers have developed defense mechanisms protecting applications from different forms of attacks. People first need to understand the attack process in order to analyze and compare protection mechanisms. Most often, attackers exploit memory corruption to control program execution by diverting its control flow. Control-flow hijack attacks use memory errors to corrupt a code pointer. Memory Safety mitigates memory corruption by preventing both spatial and temporal errors. Type-safe languages enforce this policy by disallowing pointer arithmetic, checking object bounds at array accesses, and using automatic garbage collection instead of manual memory management.

AB - Software written in low-level languages like C or C++ is prone to memory corruption bugs that allow attackers to access machines, extract information, and install malware. The war in memory is fought by researchers developing defense mechanisms and attackers finding new ways around these protections. Researchers have developed defense mechanisms protecting applications from different forms of attacks. People first need to understand the attack process in order to analyze and compare protection mechanisms. Most often, attackers exploit memory corruption to control program execution by diverting its control flow. Control-flow hijack attacks use memory errors to corrupt a code pointer. Memory Safety mitigates memory corruption by preventing both spatial and temporal errors. Type-safe languages enforce this policy by disallowing pointer arithmetic, checking object bounds at array accesses, and using automatic garbage collection instead of manual memory management.

UR - https://www.scopus.com/pages/publications/84903142379

U2 - 10.1109/MSP.2014.44

DO - 10.1109/MSP.2014.44

M3 - Article

SN - 1540-7993

VL - 12

SP - 45

EP - 53

JO - IEEE Security and Privacy

JF - IEEE Security and Privacy

IS - 3

M1 - 6824529

ER -

Eternal war in memory

Abstract

Access to Document

Other files and links

Fingerprint

Cite this