By Topic

TMAC: Taint-Based Memory Protection via Access Control

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Lei Wang ; Dept. of Comput. Sci., Nanjing Univ., Nanjing, China ; Chen Fang ; Bing Mao ; Li Xie

Memory corruption attacks account for most parts of malicious attacks toward software security. Recently dynamic taint analysis is proposed and is gaining momentum. This proposed technique attempts to defeat attacks by checking the taintedness and integrity of pointers when accessing memory since vulnerabilities are always motivated by tainting pointers. Unfortunately, there exists some class of attacks without tainting pointers, such as array bounds violation attacks using pointers. In this paper, we propose a novel approach to defeat this kind of undetected attacks using taint-based tracking analysis. Our notion is based on the memory access control, that is, first, we will check the taintedness of the pointers when accessing memory like existing taint-based approaches, second, we will check whether or not the memory area is in the legitimate range of a pointer used to access this memory. Our implementation dose not need source code and is based on Valgrind, hence works on commodity software. To demonstrate our idea, we performed a preliminary empirical experiments, the results are quite promising: TMAC can effectively detect a wide range of attacks, and the average runtime overhead is close to Memcheck, a widely memory error detector.

Published in:

Dependability, 2009. DEPEND '09. Second International Conference on

Date of Conference:

18-23 June 2009