Memory Corruption Mitigations and Their Implementation Progress in Third-Party Windows Applications

Author
Cevik, Serbulent
Date
2012-09
Advisor
Eagle, Chris
Second Reader
Boger, Dan C.
Abstract
It has been more than two decades since the first practical implementation of a memory corruption attack. Despite the fact that there has been much research done on efficiently protecting systems from this type of attack, memory corruption attacks still hold the lion's share among all exploitation techniques used against software systems. The Windows family of operating systems, as the most used operating system in the world, has suffered from memory corruption attacks more than any other system. Through the years, Microsoft has introduced various mechanisms for the detection and prevention of memory corruption attacks on Windows platforms. This thesis provides a timeline and detailed analysis of the memory protection mechanisms introduced in the Windows family of operating systems. Using these measures, Microsoft has diminished the number of successful exploitations of their software products, yet adoption of these measures by independent software vendors (ISVs) developing software for the Windows platform has not materialized as expected. The results of this thesis show that while most ISVs implement mitigations offered by Microsoft, few applications implement all these mitigations thoroughly.