Memory Corruption Mitigations and Their Implementation Progress in Third-Party Windows Applications
Boger, Dan C.
MetadataShow full item record
It has been more than two decades since the first practical implementation of a memory corruption attack. Despite the fact that there has been much research done on efficiently protecting systems from this type of attack, memory corruption attacks still hold the lions share among all exploitation techniques used against software systems. The Windows family of operating systems, as the most used operating system in the world, has suffered from memory corruption attacks more than any other system. Through the years, Microsoft has introduced various mechanisms for the detection and prevention of memory corruption attacks on Windows platforms. This thesis provides a timeline and detailed analysis of the memory protection mechanisms introduced in the Windows family of operating systems. Using these measures, Microsoft has diminished the number of successful exploitations of their software products, yet adoption of these measures by independent software vendors (ISVs) developing software for the Windows platform has not materialized as expected. The results of this thesis show that while most ISVs implement mitigations offered by Microsoft, few applications implement all these mitigations thoroughly.
Approved for public release; distribution is unlimited
Showing items related by title, author, creator and subject.
Ping, Ivan Chang Kok (Monterey, California. Naval Postgraduate School, 2000-03);HLA uses an implicit Runtime Infrastructure (RTI) that completely encapsulates all simulation systems. This implementation on a networked virtual environment might be limited and could affect the overall system performance. ...
Beverly, Robert; Garfinkel, Simson; Cardwell, Greg (2011-08);Using validated carving techniques, we show that popular operating systems (e.g. Windows, Linux, and OSX) frequently have residual IP packets, Ethernet frames, and associated data structures present in system memory from ...
Beverly, Robert; Garfinkel, Simson; Cardwell, Greg (2011-08-02);Using validated carving techniques, we show that popular operating systems (\eg Windows, Linux, and OSX) frequently have residual IP packets, Ethernet frames, and associated data structures present in system memory from ...