1. Base Address Recognition with Data Flow Tracking for Injection Attack Detection
- Author
-
Hiroyuki Kurita, Shuichi Sakai, Ryota Shioya, Masahiro Goshima, Hidetsugu Irie, Satoshi Katsunuma, and Kazuto Shimizu
- Subjects
Data flow diagram ,Offset (computer science) ,Computer science ,business.industry ,Injection attacks ,Real-time computing ,Pentium ,Tracking system ,business ,Base address ,Data-flow analysis ,Buffer overflow - Abstract
Vulnerabilities such as buffer overflows exist in some programs, and such vulnerabilities are susceptible to address injection attacks. The input data tracking method, which was proposed before, prevents I-data, which are the data derived from the input data, being used as addresses. However, the rules to determine address injection attacks are vague, which produces many false-positives and false-negatives in detection results. Generally, the data used as an address consist of a base address and an address offset. We propose an architectural technique to prevent I-data overwriting B-data, which are the data used as base addresses in this paper. It dynamically recognizes the I-data and the B-data. Address injection is detected if I-data that are not B-data are used as addresses. We implemented the proposed technique on a Pentium-based Bochs emulator and investigated its detection capability. We believe that the technique is the most accurate injection detection technique proposed thus far
- Published
- 2006
- Full Text
- View/download PDF