Identifying arbitrary memory access vulnerabilities in privilege-separated software

Hong Hu; Zheng Leong Chua; Zhenkai Liang; Prateek Saxena

doi:10.1007/978-3-319-24177-7_16

Identifying arbitrary memory access vulnerabilities in privilege-separated software

Hong Hu, Zheng Leong Chua, Zhenkai Liang, Prateek Saxena

College of Information Sciences and Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Scopus citations

Abstract

Privilege separation is a widely used technique to secure complex software systems. With privilege separation, software components are divided into several partitions and these partitions can only communicate through limited interfaces. However, the interfaces still provide a channel for one partition to influence code in other partitions. As a result, certain memory access patterns can be leveraged by attackers to perform arbitrary memory access. We refer to this type of memory access errors by the acronym DUI (Dereference Under the Influence). In this paper, we present a systematic method to detect vulnerabilities leading to DUI through binary analysis, and to estimate the capability attackers can obtain through DUI exploits. The evaluation shows that our approach can accurately identify vulnerable code that leads to arbitrary memory access in real-world software components and programs, when they are transformed to privilege-separated designs.

Original language	English (US)
Title of host publication	Computer Security – ESORICS 2015 - 20th European Symposium on Research in Computer Security, Proceedings
Editors	Günther Pernul, Peter Y.A. Ryan, Edgar Weippl
Publisher	Springer Verlag
Pages	312-331
Number of pages	20
ISBN (Print)	9783319241760
DOIs	https://doi.org/10.1007/978-3-319-24177-7_16
State	Published - 2015
Event	20th European Symposium on Research in Computer Security, ESORICS 2015 - Vienna, Austria Duration: Sep 21 2015 → Sep 25 2015

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	9327
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	20th European Symposium on Research in Computer Security, ESORICS 2015
Country/Territory	Austria
City	Vienna
Period	9/21/15 → 9/25/15

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-319-24177-7_16

Cite this

Hu, H., Chua, Z. L., Liang, Z., & Saxena, P. (2015). Identifying arbitrary memory access vulnerabilities in privilege-separated software. In G. Pernul, P. Y. A. Ryan, & E. Weippl (Eds.), Computer Security – ESORICS 2015 - 20th European Symposium on Research in Computer Security, Proceedings (pp. 312-331). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9327). Springer Verlag. https://doi.org/10.1007/978-3-319-24177-7_16

Hu, Hong ; Chua, Zheng Leong ; Liang, Zhenkai et al. / Identifying arbitrary memory access vulnerabilities in privilege-separated software. Computer Security – ESORICS 2015 - 20th European Symposium on Research in Computer Security, Proceedings. editor / Günther Pernul ; Peter Y.A. Ryan ; Edgar Weippl. Springer Verlag, 2015. pp. 312-331 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{8a7cf8c3f6b94776b9fc5f0a6b776116,

title = "Identifying arbitrary memory access vulnerabilities in privilege-separated software",

abstract = "Privilege separation is a widely used technique to secure complex software systems. With privilege separation, software components are divided into several partitions and these partitions can only communicate through limited interfaces. However, the interfaces still provide a channel for one partition to influence code in other partitions. As a result, certain memory access patterns can be leveraged by attackers to perform arbitrary memory access. We refer to this type of memory access errors by the acronym DUI (Dereference Under the Influence). In this paper, we present a systematic method to detect vulnerabilities leading to DUI through binary analysis, and to estimate the capability attackers can obtain through DUI exploits. The evaluation shows that our approach can accurately identify vulnerable code that leads to arbitrary memory access in real-world software components and programs, when they are transformed to privilege-separated designs.",

author = "Hong Hu and Chua, {Zheng Leong} and Zhenkai Liang and Prateek Saxena",

note = "Funding Information: We thank Xinshu Dong and the anonymous reviewers for their insightful comments. This research is supported in part by the National Research Foundation, Prime Minister{\textquoteright}s Office, Singapore under its National Cybersecurity R&D Program (Award No. NRF2014NCR-NCR001-21) and administered by the National Cybersecurity R&D Directorate, and by a research grant from Symantec. Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2015.; 20th European Symposium on Research in Computer Security, ESORICS 2015 ; Conference date: 21-09-2015 Through 25-09-2015",

year = "2015",

doi = "10.1007/978-3-319-24177-7_16",

language = "English (US)",

isbn = "9783319241760",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "312--331",

editor = "G{\"u}nther Pernul and Ryan, {Peter Y.A.} and Edgar Weippl",

booktitle = "Computer Security – ESORICS 2015 - 20th European Symposium on Research in Computer Security, Proceedings",

address = "Germany",

}

Hu, H, Chua, ZL, Liang, Z & Saxena, P 2015, Identifying arbitrary memory access vulnerabilities in privilege-separated software. in G Pernul, PYA Ryan & E Weippl (eds), Computer Security – ESORICS 2015 - 20th European Symposium on Research in Computer Security, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9327, Springer Verlag, pp. 312-331, 20th European Symposium on Research in Computer Security, ESORICS 2015, Vienna, Austria, 9/21/15. https://doi.org/10.1007/978-3-319-24177-7_16

Identifying arbitrary memory access vulnerabilities in privilege-separated software. / Hu, Hong; Chua, Zheng Leong; Liang, Zhenkai et al.

Computer Security – ESORICS 2015 - 20th European Symposium on Research in Computer Security, Proceedings. ed. / Günther Pernul; Peter Y.A. Ryan; Edgar Weippl. Springer Verlag, 2015. p. 312-331 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9327).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Identifying arbitrary memory access vulnerabilities in privilege-separated software

AU - Hu, Hong

AU - Chua, Zheng Leong

AU - Liang, Zhenkai

AU - Saxena, Prateek

N1 - Funding Information: We thank Xinshu Dong and the anonymous reviewers for their insightful comments. This research is supported in part by the National Research Foundation, Prime Minister’s Office, Singapore under its National Cybersecurity R&D Program (Award No. NRF2014NCR-NCR001-21) and administered by the National Cybersecurity R&D Directorate, and by a research grant from Symantec. Publisher Copyright: © Springer International Publishing Switzerland 2015.

PY - 2015

Y1 - 2015

N2 - Privilege separation is a widely used technique to secure complex software systems. With privilege separation, software components are divided into several partitions and these partitions can only communicate through limited interfaces. However, the interfaces still provide a channel for one partition to influence code in other partitions. As a result, certain memory access patterns can be leveraged by attackers to perform arbitrary memory access. We refer to this type of memory access errors by the acronym DUI (Dereference Under the Influence). In this paper, we present a systematic method to detect vulnerabilities leading to DUI through binary analysis, and to estimate the capability attackers can obtain through DUI exploits. The evaluation shows that our approach can accurately identify vulnerable code that leads to arbitrary memory access in real-world software components and programs, when they are transformed to privilege-separated designs.

AB - Privilege separation is a widely used technique to secure complex software systems. With privilege separation, software components are divided into several partitions and these partitions can only communicate through limited interfaces. However, the interfaces still provide a channel for one partition to influence code in other partitions. As a result, certain memory access patterns can be leveraged by attackers to perform arbitrary memory access. We refer to this type of memory access errors by the acronym DUI (Dereference Under the Influence). In this paper, we present a systematic method to detect vulnerabilities leading to DUI through binary analysis, and to estimate the capability attackers can obtain through DUI exploits. The evaluation shows that our approach can accurately identify vulnerable code that leads to arbitrary memory access in real-world software components and programs, when they are transformed to privilege-separated designs.

UR - http://www.scopus.com/inward/record.url?scp=84951819578&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84951819578&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-24177-7_16

DO - 10.1007/978-3-319-24177-7_16

M3 - Conference contribution

AN - SCOPUS:84951819578

SN - 9783319241760

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 312

EP - 331

BT - Computer Security – ESORICS 2015 - 20th European Symposium on Research in Computer Security, Proceedings

A2 - Pernul, Günther

A2 - Ryan, Peter Y.A.

A2 - Weippl, Edgar

PB - Springer Verlag

T2 - 20th European Symposium on Research in Computer Security, ESORICS 2015

Y2 - 21 September 2015 through 25 September 2015

ER -

Hu H, Chua ZL, Liang Z, Saxena P. Identifying arbitrary memory access vulnerabilities in privilege-separated software. In Pernul G, Ryan PYA, Weippl E, editors, Computer Security – ESORICS 2015 - 20th European Symposium on Research in Computer Security, Proceedings. Springer Verlag. 2015. p. 312-331. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-24177-7_16

Identifying arbitrary memory access vulnerabilities in privilege-separated software

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this