The Continuing Arms Race: Code-Reuse Attacks and Defenses
MIT Lincoln Laboratory Lexington United States
Pagination or Media Count:
Almost three decades ago, the Morris Worm infected thousands of UNIX workstations by, among other things, exploiting a buffer-overflow error in the fingerd daemon Spafford1989. Buffer overflows are just one example of a larger class of memory corruption errors Szekeres et al. 2013 van der Veen et al. 2012. The root of the issue is that systems programming languagesC and its derivativesexpect programmers to access memory correctly and eschews runtime safety checks to maximize performance. There are three possible ways to address the security issues associated with memory corruption. One is to migrate away from these legacy languages which were designed four decades ago, long before computers were networked and thus exposed to remote adversaries. Another is to retrofit the legacy code with runtime safety checks. This is a great option whenever the, often substantial, cost of runtime checking is acceptable. In cases where legacy code must run at approximately the same speed, however, we must fall back to targeted mitigations which, unlike the other remedies, do not prevent memory corruption. Instead, mitigations make it harder, i.e., more labor intensive, to turn errors into exploits.
- Computer Programming and Software
- Computer Systems Management and Standards