Abstract
Code injection attacks are considered serious threats to the Internet users. In this type of attack the attacker injects malicious codes in the user programs to change or divert the execution flows. In this paper we explore the contemporary defence strategies against code injection attacks (CIAs) and underline their limitations. To overcome these limitations, we suggest a number of countermeasure mechanisms for protecting from CIAs. Our key idea relies on the multiplexing technique to preserve the exact return code to ensure the integrity of program execution trace of shell code. This technique also maintains a FIFO (first in first out) queue to defeat the conflict state when multiple caller method makes a call simultaneously. Finally, our technique can provide better performance, in terms of protection and speed, in some point compared to the CFI (control flow integrity) as well as CPM (code pointer masking) techniques.
Original language | English |
---|---|
Title of host publication | Proceedings of the International Conference on Security and Privacy in Communication Networks |
Subtitle of host publication | 10th International ICST Conference, SecureComm 2014 |
Editors | Mudhakar Tian, Srivatsa Jing, Jiwu Jing |
Place of Publication | Switzerland |
Publisher | Springer |
Pages | 237-251 |
Number of pages | 15 |
Volume | 153 |
ISBN (Electronic) | 9783319238029 |
ISBN (Print) | 9783319238012 |
DOIs | |
Publication status | Published - 2015 |
Event | 10th International Conference on Security and Privacy in Communication Networks: SecureComm 2014 - Beijing, China, Beijing, China Duration: 24 Sept 2014 → 26 Sept 2014 https://link.springer.com/content/pdf/10.1007%2F978-3-319-23802-9.pdf http://archive.securecomm.org/2014/show/home |
Publication series
Name | |
---|---|
ISSN (Print) | 1867-8211 |
Conference
Conference | 10th International Conference on Security and Privacy in Communication Networks |
---|---|
Country/Territory | China |
City | Beijing |
Period | 24/09/14 → 26/09/14 |
Other | SecureComm'14 seeks high-quality research contributions in the form of well developed papers. Topics of interest encompass research advances in ALL areas of secure communications and networking. Topics in other areas (e.g., formal methods, database security, secure software, applied cryptography) will also be considered if a clear connection to private or secure communications/networking is demonstrated. The aim of SecureComm is to bring together security and privacy experts in academia, industry and government as well as practitioners, standards developers and policy makers, in order to engage in a discussion about common goals and explore important research directions in the field. SecureComm also serves as a venue for learning about state-of-the-art in security and privacy research, giving attendees the opportunity to network with experts in the field. |
Internet address |