The Design And Implementation Of Non-control-data Protection Model Based On Pointer Tainting Analysis

Posted on: 2014-01-25
Degree: Master
Type: Thesis
Country: China
Candidate: X L Liu
GTID: 2248330395995729
Subject: Computer Science and Technology

Abstract/Summary:
With the rapid development of computers and the Internet, computer viruses, worms, and other malicious programs have become major threats to computer systems, and program security is now a serious problem. Conventional attacks generally exploit buffer overflows, double frees, integer overflows, and format string vulnerabilities to overwrite a memory location and thereby change the program's control flow. These attacks are called control-data attacks because they modify the control flow of the program. Mature defenses against them already exist, such as canary checks, non-executable stacks, and address space layout randomization.

A non-control-data attack is a newer attack method that does not alter the target program's control data. Instead, attackers corrupt a variety of application data, including user identity data, configuration data, user input data, and decision-making data. Existing defenses against such attacks fall into two groups. Static methods add protection structures and require recompilation, so they need source code. Dynamic methods are generally based on dynamic taint analysis and track the propagation of data through the application. However, the possible attack points are spread across many locations, which poses a new challenge for dynamic defense methods.

This paper proposes a pointer taint analysis method based on dynamic taint analysis. The method checks whether an invalid pointer constructed from external data is dereferenced. We implemented a tool on top of the dynamic binary instrumentation framework Pin, so it works on commodity software. Experimental tests show that our method can detect control-data attacks and most non-control-data attacks.
Keywords/Search Tags: non-control-data attack, programming security, dynamic taint analysis, pointer taint, memory corruption
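A minimal model of the pointer-taint check described in the abstract, added here as an illustration: external input is the taint source, taint follows data through moves, and using a tainted word as an address is the sink. This is not the thesis's Pin-based tool; the `Machine` class, the memory layout, and all addresses are constructed assumptions.

```python
# Toy word-addressed machine with one taint bit per word (constructed model,
# not the thesis's Pin tool).
class TaintedDeref(Exception):
    """Raised when a value derived from external input is used as an address."""

class Machine:
    def __init__(self):
        self.mem = {}      # address -> value
        self.taint = {}    # address -> True if the word derives from external input

    def store_const(self, addr, value):
        # Program-generated constant: clean by definition.
        self.mem[addr], self.taint[addr] = value, False

    def read_input(self, dst, words):
        # Taint source: every word copied from outside is marked tainted.
        # No bounds check, modelling the overflow in the monitored program.
        for i, w in enumerate(words):
            self.mem[dst + i], self.taint[dst + i] = w, True

    def move_add(self, dst, src, const):
        # Propagation: the result inherits the taint of its source operand.
        self.mem[dst] = self.mem[src] + const
        self.taint[dst] = self.taint[src]

    def store_via(self, ptr_addr, value):
        # Sink: the word at ptr_addr is used as a pointer, so check its taint first.
        if self.taint.get(ptr_addr, False):
            raise TaintedDeref(f"tainted pointer at {ptr_addr} -> {self.mem[ptr_addr]}")
        self.store_const(self.mem[ptr_addr], value)

# Constructed layout: 4-word buffer, then a config pointer directly after it.
BUF, CFG_PTR, LOG_LEVEL, UID, REG = 0, 4, 10, 20, 100

def run(request):
    """Process one request; return (status, uid after the request)."""
    m = Machine()
    m.store_const(LOG_LEVEL, 3)
    m.store_const(UID, 1000)            # identity data: non-control data
    m.store_const(CFG_PTR, LOG_LEVEL)   # cfg_ptr = &log_level
    m.read_input(BUF, request)          # external data lands in the buffer
    m.move_add(REG, CFG_PTR, 0)         # reg = cfg_ptr (taint travels with it)
    try:
        m.store_via(REG, 0)             # *reg = 0 (intended: reset log level)
    except TaintedDeref:
        return "blocked", m.mem[UID]
    return "ok", m.mem[UID]
```

A five-word request overwrites `CFG_PTR` without touching any return address or function pointer, so a control-flow check would see nothing, while the taint bit on the pointer stops the write before `UID` changes.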