Detection, exploitation and mitigation of memory errors

Oscar Llorente-Vazquez; Igor Santos-Grueiro; Iker Pastor-Lopez; Pablo Garcia Bringas

doi:10.1093/jigpal/jzae008

Detection, exploitation and mitigation of memory errors

Oscar Llorente-Vazquez
, Igor Santos-Grueiro
, Iker Pastor-Lopez
, Pablo Garcia Bringas

Research output: Contribution to journal › Article › peer-review

1 Citation (Scopus)

Abstract

Software vulnerabilities are the root cause for a multitude of security problems in computer systems. Owing to their efficiency and tight control over low-level system resources, the C and C++ programming languages are extensively used for a myriad of purposes, from implementing operating system kernels to user-space applications. However, insufficient or improper memory management frequently leads to invalid memory accesses, eventually resulting in memory corruption vulnerabilities. These vulnerabilities are used as a foothold for elaborated attacks that bypass existing defense methods. In this paper, we summarise the main memory safety violation types (i.e. memory errors), and analyse how they are exploited by attackers and the main mitigation methods proposed in the research community. We further systematise the most relevant techniques with regards to memory corruption identification in current programs.

Original language	English
Pages (from-to)	281-292
Number of pages	12
Journal	Logic Journal of the IGPL
Volume	32
Issue number	2
DOIs	https://doi.org/10.1093/jigpal/jzae008
Publication status	Published - 1 Apr 2024
Externally published	Yes

Keywords

memory corruption
Memory errors
memory safety

Access to Document

10.1093/jigpal/jzae008

Cite this

@article{8ece92341ac04b6faece6ae4b3a77e2d,

title = "Detection, exploitation and mitigation of memory errors",

abstract = "Software vulnerabilities are the root cause for a multitude of security problems in computer systems. Owing to their efficiency and tight control over low-level system resources, the C and C++ programming languages are extensively used for a myriad of purposes, from implementing operating system kernels to user-space applications. However, insufficient or improper memory management frequently leads to invalid memory accesses, eventually resulting in memory corruption vulnerabilities. These vulnerabilities are used as a foothold for elaborated attacks that bypass existing defense methods. In this paper, we summarise the main memory safety violation types (i.e. memory errors), and analyse how they are exploited by attackers and the main mitigation methods proposed in the research community. We further systematise the most relevant techniques with regards to memory corruption identification in current programs.",

keywords = "memory corruption, Memory errors, memory safety",

author = "Oscar Llorente-Vazquez and Igor Santos-Grueiro and Iker Pastor-Lopez and \{Garcia Bringas\}, Pablo",

year = "2024",

month = apr,

day = "1",

doi = "10.1093/jigpal/jzae008",

language = "English",

volume = "32",

pages = "281--292",

journal = "Logic Journal of the IGPL",

issn = "1367-0751",

publisher = "Oxford University Press",

number = "2",

}

TY - JOUR

T1 - Detection, exploitation and mitigation of memory errors

AU - Llorente-Vazquez, Oscar

AU - Santos-Grueiro, Igor

AU - Pastor-Lopez, Iker

AU - Garcia Bringas, Pablo

PY - 2024/4/1

Y1 - 2024/4/1

N2 - Software vulnerabilities are the root cause for a multitude of security problems in computer systems. Owing to their efficiency and tight control over low-level system resources, the C and C++ programming languages are extensively used for a myriad of purposes, from implementing operating system kernels to user-space applications. However, insufficient or improper memory management frequently leads to invalid memory accesses, eventually resulting in memory corruption vulnerabilities. These vulnerabilities are used as a foothold for elaborated attacks that bypass existing defense methods. In this paper, we summarise the main memory safety violation types (i.e. memory errors), and analyse how they are exploited by attackers and the main mitigation methods proposed in the research community. We further systematise the most relevant techniques with regards to memory corruption identification in current programs.

AB - Software vulnerabilities are the root cause for a multitude of security problems in computer systems. Owing to their efficiency and tight control over low-level system resources, the C and C++ programming languages are extensively used for a myriad of purposes, from implementing operating system kernels to user-space applications. However, insufficient or improper memory management frequently leads to invalid memory accesses, eventually resulting in memory corruption vulnerabilities. These vulnerabilities are used as a foothold for elaborated attacks that bypass existing defense methods. In this paper, we summarise the main memory safety violation types (i.e. memory errors), and analyse how they are exploited by attackers and the main mitigation methods proposed in the research community. We further systematise the most relevant techniques with regards to memory corruption identification in current programs.

KW - memory corruption

KW - Memory errors

KW - memory safety

UR - https://www.scopus.com/pages/publications/85188824381

U2 - 10.1093/jigpal/jzae008

DO - 10.1093/jigpal/jzae008

M3 - Article

AN - SCOPUS:85188824381

SN - 1367-0751

VL - 32

SP - 281

EP - 292

JO - Logic Journal of the IGPL

JF - Logic Journal of the IGPL

IS - 2

ER -

Detection, exploitation and mitigation of memory errors

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this