KALD: Detecting Direct Pointer Disclosure Vulnerabilities

Belleville, Brian; Shen, Wenbo; Volckaert, Stijn; Azab, Ahmed M.; Franz, Michael

doi:10.1109/tdsc.2019.2915829

Cited by 4 publications

(2 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Automated vulnerability repair aims to fix security vulnerabilities automatically without human debugging effort and plays a crucial role in countering emergent security concerns [29], [30] in the security community. The typical workflow of vulnerability repair is usually composed of four steps: (1) the detection phase utilizes vulnerability analysis tools under consideration (e.g., Infer [11] and SpotBugs [31]) to statically analyze source code and indicate a suspicious line containing a vulnerability; (2) the repair phase then generates various new program variants (i.e., candidate patches) by applying a set of transformation rules to these suspicious lines [20]; (3) the verification phase recompiles the vulnerable program with the generated patch to check if it can pass a functional test suite (if such a test suite exists), and then adopts the vulnerability analysis tools (e.g., Infer [11]) to check if the reported vulnerability is fixed; (4) the deployment phase employs security researchers to review and deploy a patch in practice after the patch has been found to pass the test suite and vulnerability analysis tools [32], [33].…”

Section: Automated Vulnerability Repairmentioning

confidence: 99%

Introduction to the Department of Cardiology in Nanjing First Hospital of Nanjing Medical University, China

Zhang

Chen

2020

European Heart Journal

View full text Add to dashboard Cite

Reclosure of ruptured incision after peroral endoscopic myotomy using endoloops and metallic clipsSince Inoue et al. introduced peroral endoscopic myotomy (POEM) into a clinic to treat esophageal achalasia in 2010, the procedure has been carried out in many countries around the world. 1 As more and more POEM is being done, associated technical difficulties and complications may occur. 2 To our knowledge, the present study is the first to report incision rupture after POEM.A 37-year-old man presented to our academic center after experiencing 25 years of dysphagia and 2 months of exacerbation. Barium swallow examination and esophageal manometry diagnosed the patient with type I esophageal achalasia and he agreed to receive POEM.POEM was carried out using the standard technique. After the operation, the patient received routine postoperative care. On the third day after the procedure, the patient had a fever (38.9°C, white blood cell count 18.24 × 10 9 /L, % neutrophils 95.3%) and X-ray showed the absence of several metal clips at the proximal end of the longitudinal incision which revealed the incision rupture.Gastroesophageal endoscopy showed that the middle and proximal parts of the incision was ruptured. It was not possible to reclose the incision with routine clips because of the swollen mucosa around the defect. On endoscopy, an endoloop was inserted and snared the remaining clips in the distal part. In the middle, four clips were anchored onto the defect margins at full thickness and another endoloop was inserted to snare the clips tightly. The same procedure was done in the proximal part (Figs 1,2). After monitoring the patient's condition for several days, he was discharged without any complaints or complications.In the present study, we propose reclosure of a mucosal incision after POEM using conventional endoloops and hemostatic clips. It could reclose the incision regardless of the swollen tissue or the size of the longitudinal incision.

show abstract

Section: Automated Vulnerability Repairmentioning

confidence: 99%

Introduction to the Department of Cardiology in Nanjing First Hospital of Nanjing Medical University, China

Zhang

Chen

2020

European Heart Journal

View full text Add to dashboard Cite

show abstract

“…To defend against ROP attacks, security researchers proposed address space layout randomization (ASLR), which randomizes the address of code, stack, and heap, making it hard to predict the code gadgets' addresses and the buffer overflowed address. However, ASLR is vulnerable to address leaks [27]. Its design cannot solve the return address corruption problem fundamentally.…”

Section: B Rop and Jop Attacksmentioning

confidence: 99%

ARM Pointer Authentication based Forward-Edge and Backward-Edge Control Flow Integrity for Kernels

Yang,

Zhu,

Shen

et al. 2019

Preprint

Self Cite

View full text Add to dashboard Cite

Code reuse attacks are still big threats to software and system security. Control flow integrity is a promising technique to defend against such attacks. However, its effectiveness has been weakened due to the inaccurate control flow graph and practical strategy to trade security for performance. In recent years, CPU vendors have integrated hardware features as countermeasures. For instance, ARM Pointer Authentication (PA in short) was introduced in ARMV8-A architecture. It can efficiently generate an authentication code for an address, which is encoded in the unused bits of the address. When the address is de-referenced, the authentication code is checked to ensure its integrity. Though there exist systems that adopt PA to harden user programs, how to effectively use PA to protect OS kernels is still an open research question.In this paper, we shed lights on how to leverage PA to protect control flows, including function pointers and return addresses, of Linux kernel. Specifically, to protect function pointers, we embed authentication code into them, track their propagation and verify their values when loading from memory or branching to targets. To further defend against the pointer substitution attack, we use the function pointer address as its context, and take a clean design to propagate the address by piggybacking it into the pointer value. We have implemented a prototype system with LLVM to identify function pointers, add authentication code and verify function pointers by emitting new machine instructions. We applied this system to Linux kernel, and solved numerous practical issues, e.g., function pointer comparison and arithmetic operations. The security analysis shows that our system can protect all function pointers and return addresses in Linux kernel. 1 We are aware that Apple has adopted PA in its latest version of iOS XNU kernel. However, its implementation details are unknown.

show abstract

Hawkeye: Eliminating Kernel Address Leakage in Normal Data Flows

Guo

Huang³

et al. 2023

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

KALD: Detecting Direct Pointer Disclosure Vulnerabilities

Cited by 4 publications

References 18 publications

Introduction to the Department of Cardiology in Nanjing First Hospital of Nanjing Medical University, China

Introduction to the Department of Cardiology in Nanjing First Hospital of Nanjing Medical University, China

ARM Pointer Authentication based Forward-Edge and Backward-Edge Control Flow Integrity for Kernels

Hawkeye: Eliminating Kernel Address Leakage in Normal Data Flows

Contact Info

Product

Resources

About