KSII Transactions on Internet and Information Systems
Monthly Online Journal (eISSN: 1976-7277)

Defending Non-control-data Attacks using Influence Domain Monitoring


Abstract

As an increasing number of defense methods against control-data attacks are deployed in practice, control-data attacks have become challenging, and non-control-data attacks are on the rise. However, defense methods against non-control-data attacks are still deficient even though these attacks can produce damage as significant as that of control-data attacks. We present a method to defend against non-control-data attacks using influence domain monitoring (IDM). A definition of the data influence domain is first proposed to describe the characteristics of a variable during its life cycle. IDM extracts security-critical non-control data from the target program and then instruments the target for monitoring these variables’ influence domains to ensure that corrupted variables will not be used as the attackers intend. Therefore, attackers may be able to modify the value of one security-critical variable by exploiting certain memory corruption vulnerabilities, but they will be prevented from using the variable for nefarious purposes. We evaluate a prototype implementation of IDM and use the experimental results to show that this method can defend against most known non-control-data attacks while imposing a moderate amount of performance overhead.




Cite this article

[IEEE Style]
G. Zhang, Q. Li, Z. Chen, P. Zhang, "Defending Non-control-data Attacks using Influence Domain Monitoring," KSII Transactions on Internet and Information Systems, vol. 12, no. 8, pp. 3888-3910, 2018. DOI: 10.3837/tiis.2018.08.019.

[ACM Style]
Guimin Zhang, Qingbao Li, Zhifeng Chen, and Ping Zhang. 2018. Defending Non-control-data Attacks using Influence Domain Monitoring. KSII Transactions on Internet and Information Systems, 12, 8, (2018), 3888-3910. DOI: 10.3837/tiis.2018.08.019.

[BibTeX Style]
@article{tiis:21847, title="Defending Non-control-data Attacks using Influence Domain Monitoring", author="Guimin Zhang and Qingbao Li and Zhifeng Chen and Ping Zhang", journal="KSII Transactions on Internet and Information Systems", DOI={10.3837/tiis.2018.08.019}, volume={12}, number={8}, year="2018", month={August}, pages={3888-3910}}