Secure Systems Lab

Research on Randomization and Memory Error Detection

In spite of the attention buffer overflows have received from software vendors and security researchers, they remain one of the most commonly reported software vulnerabilities today. Worse, they account for an overwhelming majority of the "critical vulnerabilities" being reported.

Early research targeted specific exploit types such as stack-smashing, but attackers soon discovered alternative ways to exploit memory errors. Our focus is therefore on developing defenses that cover a wide range of memory errors. In this context, we developed the address-space randomization (ASR) technique [27], which we subsequently extended to Windows [20]. This technique provided protection against most memory corruption attacks, as they rely on information about the absolute address of most memory objects. However, there is a class of data attacks that rely on relative distances between objects, and these attacks are likely to become significant as ASR begins to be widely deployed. To counter this threat, we developed the relative-address randomization technique [23].

Recently, we developed an orthogonal approach to randomization called Data-Space Randomization (DSR) [18] that overcomes one of the main drawbacks of ASR, namely, low entropy. Unlike ASR, which has the effect of protecting pointer-valued data, DSR uses randomization to protect all types of data, thus providing a systematic defense against not only control-flow hijack attacks but all data attacks as well. In addition, DSR is more resilient to so-called information-leakage attacks.
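The effect DSR has on a corrupted non-pointer value, as an added sketch that is not code from this page or from the lab's implementation. It assumes DSR is realized by XOR-ing each object with its own mask, as described in the DSR paper [18]; the simulated memory layout, function names and fixed mask constants are constructed for reproducibility (a real scheme draws masks at random).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated memory (constructed): an 8-byte buffer followed by a 4-byte flag. */
enum { BUF_LEN = 8, FLAG_OFF = 8, MEM_LEN = 12 };

/* Store through the buffer: every byte is masked with the buffer's mask.
   n > BUF_LEN models an unchecked copy that runs into the flag. */
static void buf_store(uint8_t *mem, const uint8_t *src, size_t n, uint8_t mask_buf) {
    for (size_t i = 0; i < n && i < MEM_LEN; i++)
        mem[i] = src[i] ^ mask_buf;
}

/* The flag is a different object, so it gets a different mask. */
static void flag_store(uint8_t *mem, uint32_t v, uint32_t mask_flag) {
    uint32_t enc = v ^ mask_flag;
    memcpy(mem + FLAG_OFF, &enc, sizeof enc);
}

static uint32_t flag_load(const uint8_t *mem, uint32_t mask_flag) {
    uint32_t enc;
    memcpy(&enc, mem + FLAG_OFF, sizeof enc);
    return enc ^ mask_flag;
}

/* Flag starts at 0; a 12-byte copy then places `wanted` over it.
   Returns the flag value the program reads back afterwards. */
uint32_t flag_after_overflow(uint8_t mask_buf, uint32_t mask_flag, uint32_t wanted) {
    uint8_t mem[MEM_LEN] = {0};
    uint8_t input[MEM_LEN];
    memset(input, 'A', BUF_LEN);
    memcpy(input + BUF_LEN, &wanted, sizeof wanted);
    flag_store(mem, 0, mask_flag);
    buf_store(mem, input, MEM_LEN, mask_buf);   /* out-of-bounds part hits the flag */
    return flag_load(mem, mask_flag);
}

int main(void) {
    /* Masks of 0 are the unprotected program: the flag becomes exactly `wanted`. */
    printf("no masks: %#x\n", (unsigned)flag_after_overflow(0, 0, 1));
    /* Distinct masks: the flag reads as wanted ^ mask_buf ^ mask_flag. */
    printf("with DSR: %#x\n", (unsigned)flag_after_overflow(0x5a, 0xc3a1f00du, 1));
    return 0;
}
```

Because the value read back depends on two masks the writer does not know, the overwrite no longer yields a chosen value, and this holds for plain data as well as pointers.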

There are plenty of reasons to focus on memory errors, as they lead not only to exploits but also to a majority of the software faults experienced in the field. To counter this broader problem, techniques are needed to detect all memory errors, as opposed to just the small subset that is exploited in attacks. In this context, we developed an efficient technique that was backwards compatible with existing software, while providing significantly better performance than previous techniques in its class [25]. Our ongoing research explores alternative techniques that represent different trade-offs between runtime performance, backwards compatibility, and the range of errors detected.

Related Publications

[1]  Accurate Disassembly of Complex Binaries Without Use of Compiler Metadata
Soumyakant Priyadarshan, Huan Nguyen and R. Sekar
ACM Architectural Support for Programming Languages and Operating Systems (ASPLOS) February, 2024.
[2]  SAFER: Efficient and Error-Tolerant Binary Instrumentation
Soumyakant Priyadarshan, Huan Nguyen, Rohit Chouhan and R. Sekar
USENIX Security Symposium (USENIX Security) August, 2023.
[3]  Practical Fine-Grained Binary Code Randomization
Soumyakant Priyadarshan, Huan Nguyen and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2020. (Talk on YouTube).
[4]  On the Impact of Exception Handling Compatibility on Binary Instrumentation
Soumyakant Priyadarshan, Huan Nguyen and R. Sekar
Workshop on Forming an Ecosystem Around Software Transformation (FEAST) November, 2020.
[5]  Code-Pointer Integrity
Volodymyr Kuznetsov, Laszlo Szekeres, Mathias Payer, George Candea, R. Sekar and Dawn Song
The Continuing Arms Race: Code-Reuse Attacks and Defenses (Morgan-Claypool and ACM Press) January, 2018.
[6]  Protecting COTS Binaries from Disclosure-guided Code Reuse Attacks
Mingwei Zhang, Michalis Polychronakis and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2017.
[7]  Code-Pointer Integrity
Volodymyr Kuznetsov, Laszlo Szekeres, Mathias Payer, George Candea, R. Sekar and Dawn Song
USENIX Operating System Design and Implementation (OSDI) October, 2014.
[8]  Eternal War in Memory
Laszlo Szekeres, Mathias Payer, Tao Wei and R. Sekar
IEEE Security and Privacy Magazine (S&P Magazine) May, 2014.
[9]  A Platform for Secure Static Binary Instrumentation
Mingwei Zhang, Rui Qiao, Niranjan Hasabnis and R. Sekar
Virtual Execution Environments (VEE) March, 2014.
[10]  Control Flow Integrity for COTS Binaries
Mingwei Zhang and R. Sekar
USENIX Security Symposium (USENIX Security) August, 2013.
Best paper award!
[11]  SoK: Eternal War in Memory
Laszlo Szekeres, Mathias Payer, Tao Wei and Dawn Song
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2013.
[12]  Protecting Function Pointers in Binary
Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Stephen McCamant and Laszlo Szekeres
ACM Symposium on Information, Computer and Communications Security (ASIACCS) May, 2013.
[13]  Practical Control Flow Integrity and Randomization for Binary Executables
Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Laszlo Szekeres, Stephen McCamant, Dawn Song and Wei Zou
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2013.
[14]  Light-weight Bounds Checking
Niranjan Hasabnis, Ashish Misra and R. Sekar
ACM/IEEE International Symposium on Code Generation and Optimization (CGO) April, 2012.
[15]  PAriCheck: An Efficient Pointer Arithmetic Checker for C Programs
Yves Younan, Pieter Philippaerts, Lorenzo Cavallaro, R. Sekar, Frank Piessens and Wouter Joosen
ACM Symposium on Information, Computer and Communications Security (ASIACCS) March, 2010.
[16]  Online Signature Generation for Windows Systems
Lixin Li, Jim Just and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2009.
[17]  Practical Techniques for Regeneration and Immunization of COTS Applications
Lixin Li, Mark R. Cornwell, E. Hultman, Jim Just and R. Sekar
Workshop on Recent Advances on Intrusion-Tolerant Systems (WRAITS) June, 2009.
[18]  Data Space Randomization
Sandeep Bhatkar and R. Sekar
Detection of Intrusions, Malware and Vulnerability Analysis (DIMVA) July, 2008.
[19]  Comprehensive Memory Error Protection via Diversity and Taint-Tracking
Lorenzo Cavallaro
PhD Dissertation (Stony Brook University) February, 2008.
[20]  Address-Space Randomization for Windows Systems
Lixin Li, Jim Just and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2006.
[21]  Automatic Generation of Buffer Overflow Attack Signatures: An Approach Based on Program Behavior Models
Zhenkai Liang and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2005. (Supersedes Technical Report SECLAB-05-01, An Immune System Inspired Approach for Protection from Repetitive Attacks, March 2005.)
[22]  Fast and Automated Generation of Attack Signatures: A Basis for Building Self-Protecting Servers
Zhenkai Liang and R. Sekar
ACM Conference on Computer and Communications Security (CCS) November, 2005. (Supersedes Technical Report SECLAB-05-02, Automated, Sub-second Attack Signature Generation: A Basis for Building Self-Protecting Servers, May 2005.)
[23]  Efficient Techniques for Comprehensive Protection from Memory Error Exploits
Sandeep Bhatkar, R. Sekar and Daniel DuVarney
USENIX Security Symposium (USENIX Security) August, 2005.
[24]  Automatic Synthesis of Filters to Discard Buffer Overflow Attacks: A Step Towards Realizing Self-Healing Systems (Short Paper)
Zhenkai Liang, R. Sekar and Daniel DuVarney
USENIX Annual Technical Conference (USENIX) April, 2005.
[25]  An Efficient and Backwards-Compatible Transformation to Ensure Memory Safety of C Programs
Wei Xu, Daniel DuVarney and R. Sekar
ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE) November, 2004.
[26]  SELF: a Transparent Security Extension for ELF Binaries
Daniel DuVarney, V.N. Venkatakrishnan and Sandeep Bhatkar
New Security Paradigms Workshop (NSPW) August, 2003.
[27]  Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits
Sandeep Bhatkar, Daniel DuVarney and R. Sekar
USENIX Security Symposium (USENIX Security) August, 2003.

Copyright © 1999-2013 Secure Systems Laboratory, Stony Brook University. All rights reserved.