Memory Corruption Mitigations and Their Implementation Progress in Third-Party Windows Applications

Cevik, Serbulent

Memory Corruption Mitigations and Their Implementation Progress in Third-Party Windows Applications

Active / Technical Report | Accession Number: ADA571101 |

Open PDF

Abstract:

It has been more than two decades since the first practical implementation of a memory corruption attack. Despite the fact that there has been much research done on efficiently protecting systems from this type of attack, memory corruption attacks still hold the lions share among all exploitation techniques used against software systems. The Windows family of operating systems, as the most used operating system in the world, has suffered from memory corruption attacks more than any other system. Through the years, Microsoft has introduced various mechanisms for the detection and prevention of memory corruption attacks on Windows platforms. This thesis provides a time line and detailed analysis of the memory protection mechanisms introduced in the Windows family of operating systems. Using these measures, Microsoft has diminished the number of successful exploitations of their software products, yet adoption of these measures by independent software vendors ISVs developing software for the Windows platform has not materialized as expected. The results of this thesis show that while most ISVs implement mitigations offered by Microsoft, few applications implement all these mitigations thoroughly.

Author(s):

Cevik, Serbulent

Author Organization(s):

NAVAL POSTGRADUATE SCHOOL MONTEREY CA

Descriptive Note:

Master's thesis

Supplementary Note:

The original document contains color images.

Pagination:

0085

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR

Identifying Numbers

Monitor Series:

NPS

Subject Terms

Joint Capability Areas:

JCA_7.1.2_Prevent Non-kinetic Attack; JCA_7.1_Prevent; JCA_7_Protection; JCA_5_Command and Control; JCA_5.3_Planning; JCA_6_Net Centric; JCA_6.4.1_Secure Information Exchange; JCA_6.4_Information Assurance; JCA_8_Building Partnerships; JCA_8.2.4_Leverage Capacities and Capabilities of Security Establishments; JCA_8.2_Shape; JCA_3.2_Engagement; JCA_3_Force Application; JCA_3.2.2_Non-Kinetic Means; JCA_6.1.3_Switching and Routing; JCA_6.1_Information Transport; JCA_1_Force Support; JCA_1.2_Force Preparation; JCA_1.2.5_Lessons Learned; JCA_5.4_Decide; JCA_6.2.3_Core Enterprise Services

Modernization Areas:

Cyber

Communities of Interest:

Cyber

Descriptor(s):

*HACKING(COMPUTER SECURITY), COMPUTER PROGRAMS, DETECTION, THESES

Field(s)/Group(s):

Computer Systems Management and Standards

Keyword(s):

MEMORY CORRUPTION ATTACKS, GS, DATA EXECUTION PREVENTION, ADDRESS SPACE LAYOUT RANDOMIZATION, ISV(INDEPENDENT SOFTWARE VENDORS), SAFESEH, STRUCTURED EXCEPTION HANDLING, EXPLOIT MITIGATIONS, THIRD PARTY APPLICATIONS, BUFFER OVERFLOW

Report Date:

2012 Sep 01

Creation Date:

2013 Apr 03