Software Exploit Prevention and Remediation via Software Memory Protection

摘要

Deployed software often contains memory overwriting vulnerabilities which can be exploited by malicious users who provide input that causes critical data to be overwritten in the program (called a memory overwriting exploit). There are a wide variety of such exploits (e.g. buffer overflows, formatting string exploits, etc.). Some defenses have been limited to defeating memory overwrites in heap or stack memory, and most defenses require access to source code. The Software Memory Protection (SMP) project addresses these limitations and shortcomings by supplying a general defense against all known memory overwriting exploits, requiring no source or object code or recompilation of the protected application, with a remediation mechanism that does not rely on crashing the program to defeat attempted exploits. Therefore, SMP: (i) can defend a program binary for which no source code is available, including its linked libraries; (ii) need not be combined with any other defense against memory overwriting; and (iii) does not turn exploits into potential DOS (denial of service) attacks. SMP can be applied to a binary during testing, field deployment, or both.