Memory Error Exploits in C

In this book we examine a number of vulnerabilitiesin C-like languages that can be exploited byattackers to perform code injection attacks. Next, wediscuss countermeasures that provide protectionagainst these kinds of attacks. This book starts off by presenting acomprehensive and structured surveyof vulnerabilities and countermeasures for codeinjection in C-like languages. Variouscountermeasures make different trade-offs in terms ofperformance, eectivity, memory cost, compatibility,etc. This makes it hard to evaluate and compare theadequacy of proposed countermeasures in a givencontext. This survey defines a classification andevaluation framework, on the basis of whichadvantages and disadvantages of countermeasures canbe assessed. This is followed by an in-depthdiscussion of two novel countermeasures which aim tobetter protect against attacks while having only anegligible impact on performance. The firstcountermeasure focuses on stack-based buffer overflows, while the secondaims at heap-based bufferoverflows and double frees.This book will be of interest to computer scientistsand readers interested in security and operating systems.