4.2.4 Source Code Transformation for San Deep

Embed Doc
Copy Link
Readcast
Collections

CommentGo Back

Download

Defeating Memory Error Exploits UsingAutomated Software Diversity

A Dissertation Presentedby

Sandeep Bhatkar

toThe Graduate Schoolin Partial Fulfillment of the Requirementsfor the Degree ofDoctor of PhilosophyinComputer ScienceStony Brook University

December 2007

Stony Brook University

The Graduate School

Sandeep Bhatkar

We, the dissertation committee for the above candidate forthe degree of Doctor of Philosophy,hereby recommend acceptance of this dissertation.Professor R. C. Sekar, (Advisor)Computer Science Department, Stony Brook UniversityProfessor Scott Stoller, (Chairman)Computer Science Department, Stony Brook UniversityProfessor Rob Johnson, (Committee Member)Computer Science Department, Stony Brook UniversityProfessor Somesh Jha, (External Committee Member)Computer Science Department, University of WisconsinThis dissertation is accepted by the Graduate School.Lawrence MartinDean of the Graduate Schoolii

Abstract of the Dissertation

Defeating Memory Error Exploits Using AutomatedSoftware Diversity

by

Sandeep BhatkarDoctor of Philosophy

in

Computer Science

Stony Brook University2007The vast majority of today’s security vulnerabilities, accounting for as muchas 88% of US-CERT advisories in the past few years, are caused by memoryerrors such as buffer overflows, heap overflows, integer overflows, and format-string bugs. Previous research has developed techniques for preventing knownattack classes exploiting these vulnerabilities. However, attackers quickly de-veloped alternative exploits to circumvent these protections. In contrast tothese approaches, comprehensive memory error detection techniques can helptrack down memory-related bugs, as well as provide full runtime protectionfrom known and future exploits of buffer overflows. However, they typicallyintroduce very high overheads, slowing down programs by a factor of 2 oriii

of 00

Leave a Comment