Next Article in Journal
The Architecture of the Access Protocols of the Global Infocommunication Resources
Previous Article in Journal
Model Based Approach to Cyber–Physical Systems Status Monitoring
Open AccessReview

A Review of Memory Errors Exploitation in x86-64

School of Computing, Engineering and Physical Sciences, University of the West of Scotland, High Street, Paisley PA1 2BE, UK
*
Author to whom correspondence should be addressed.
Computers 2020, 9(2), 48; https://doi.org/10.3390/computers9020048
Received: 23 April 2020 / Revised: 25 May 2020 / Accepted: 2 June 2020 / Published: 8 June 2020
Memory errors are still a serious threat affecting millions of devices worldwide. Recently, bounty programs have reached a new record, paying up to USD 2.5 million for one single vulnerability in Android and up to USD 2 million for Apple’s operating system. In almost all cases, it is common to exploit memory errors in one or more stages to fully compromise those devices. In this paper, we review and discuss the importance of memory error vulnerabilities, and more specifically stack buffer overflows to provide a full view of how memory errors are exploited. We identify the root causes that make those attacks possible on modern x86-64 architecture in the presence of modern protection techniques. We have analyzed how unsafe library functions are prone to buffer overflows, revealing that although there are secure versions of those functions, they are not actually preventing buffer overflows from happening. Using secure functions does not result in software free from vulnerabilities and it requires developers to be security-aware. To overcome this problem, we discuss the three main security protection techniques present in all modern operating system; the non-eXecutable bit (NX), the Stack Smashing Protector (SSP) and the Address Space Layout Randomization (ASLR). After discussing their effectiveness, we conclude that although they provide a strong level of protection against classical exploitation techniques, modern attacks can bypass them. View Full-Text
Keywords: memory errors; x86-64; stack buffer overflows; SSP; ASLR; NX memory errors; x86-64; stack buffer overflows; SSP; ASLR; NX
Show Figures

Figure 1

MDPI and ACS Style

Pirry, C.; Marco-Gisbert, H.; Begg, C. A Review of Memory Errors Exploitation in x86-64. Computers 2020, 9, 48.

Show more citation formats Show less citations formats
Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Access Map by Country/Region

1
Search more from Scilit
 
Search
Back to TopTop