A NEW MECHANISM FOR OS SECURITY - Selective Checking of Shared Library Calls for Security

Dae-won Kim, Geun-tae Bae, Yang-woo Roh, Dae-yeon Park

2005

Abstract

This paper presents a systematic solution to the serious problem of GOT/PLT exploitation attacks. A large class of security mechanisms has been defeated by those attacks. While some security mechanisms are concerned with preventing GOT/PLT exploitation attacks, however, they are not complete against GOT/PLT exploitation attacks or the considerable performance decline occurs. We describe the selective checking of shared library calls, called SCC. The SCC dynamically relocates a program’s Global Offset Table (GOT) and checks whether the accesses via Procedure Linkage Table (PLT) are legal. The SCC is implemented by modifying only the Linux dynamic loader, hence it is transparent to applications and easily deployable. In experiment results, we show that the SCC is effective in defeating against GOT/PLT exploitation attacks and is the mechanism with the very low runtime overhead.

References

  1. “Aleph One”, 2000. The Stack for Fun And Profit. Phrack 14(49).
  2. Anonymous, 2001.Once Upon a Free(). Phrack 9(57).
  3. Arash, B., Navjot, S., and Timothy, T., 2000. Transparent Run-Time Defense Against Stack Smashing Attacks. In Proceedings of the 2000 USENIX Annual Technical Conference (USENIX-00), pages 251-262, Berkeley, CA.
  4. Jun, X., Zbigniew, K., and Ravishankar, K. I., 2003.
  5. Michel, K., 2001. Vudo Malloc Tricks. Phrack 8(57).
  6. Mudge, 1997. How to Write Buffer Overflows. Published
Download


Paper Citation


in Harvard Style

Kim D., Bae G., Roh Y. and Park D. (2005). A NEW MECHANISM FOR OS SECURITY - Selective Checking of Shared Library Calls for Security . In Proceedings of the First International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 972-8865-20-1, pages 381-388. DOI: 10.5220/0001226503810388


in Bibtex Style

@conference{webist05,
author={Dae-won Kim and Geun-tae Bae and Yang-woo Roh and Dae-yeon Park},
title={A NEW MECHANISM FOR OS SECURITY - Selective Checking of Shared Library Calls for Security},
booktitle={Proceedings of the First International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,},
year={2005},
pages={381-388},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001226503810388},
isbn={972-8865-20-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the First International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,
TI - A NEW MECHANISM FOR OS SECURITY - Selective Checking of Shared Library Calls for Security
SN - 972-8865-20-1
AU - Kim D.
AU - Bae G.
AU - Roh Y.
AU - Park D.
PY - 2005
SP - 381
EP - 388
DO - 10.5220/0001226503810388