Proceedings of the 2019 4th International Conference on Mathematics and Artificial Intelligence 2019
DOI: 10.1145/3325730.3325738
|View full text |Cite
|
Sign up to set email alerts
|

A Novel and Fine-grained Heap Randomization Allocation Strategy for Effectively Alleviating Heap Buffer Overflow Vulnerabilities

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1

Citation Types

0
4
0

Year Published

2020
2020
2023
2023

Publication Types

Select...
3

Relationship

0
3

Authors

Journals

citations
Cited by 3 publications
(4 citation statements)
references
References 22 publications
0
4
0
Order By: Relevance
“…An attacker achieves malicious intent by diverting the control flow of the firmware to malicious code and executing it [86]. Several solutions to defend against such attacks include control-flow integrity (CFI) [87], randomization-based [88] and enforcement-based [89] methods.…”
Section: Firmware Securitymentioning
confidence: 99%
“…An attacker achieves malicious intent by diverting the control flow of the firmware to malicious code and executing it [86]. Several solutions to defend against such attacks include control-flow integrity (CFI) [87], randomization-based [88] and enforcement-based [89] methods.…”
Section: Firmware Securitymentioning
confidence: 99%
“…The position of each object was randomized using source code information so that attackers cannot predict the stack layout. [8] performed randomization for the entire heap memory area by proposing a random memory block allocation algorithm. It is similar to our study in that randomization is performed in the heap memory area, but the detailed process to obtain the randomization effect is different.…”
Section: Memory Randomizationmentioning
confidence: 99%
“…Various vulnerabilities are also likely to exist in the heap memory area as the heap is dynamically allocat-ed at runtime and it is usually more complicatedly constructed than the stack memory buffers [7]. Similarly, to stack situations, multiple defense systems including address space layout randomization (ASLR) are proposed as a part of the compiler feature or heap-allocator's runtime verification logic [8].…”
Section: Introductionmentioning
confidence: 99%
“…6 These attacks normally target weaknesses, flaws, and errors, (commonly referred to as security vulnerabilities) that may cause an explicit failure to protect the confidentiality, integrity, and availability of the application. 7 Examples of attacks include: command injection 8 ; buffer overflow 9,10 ; data or path manipulation 11 ; access control 12 ; session hijacking 13 ; and cookie poisoning. 6,14 When the attacks succeed, they can result in data breaches and have other serious security implications.…”
Section: Introductionmentioning
confidence: 99%