Attacks often exploit memory errors to gain control over the execution of vulnerable programs. These attacks remain a serious problem despite previous research on techniques to prevent them.
We believe there are two reasons for this: the techniques that are in use fail to prevent many attacks, and most techniques are not used because they have high overhead or require non-trivial changes to the source code or the language runtime.
We present Write Integrity Testing (WIT), a new technique that provides practical protection from these attacks.
We discuss an efficient implementation with optimizations to reduce space and time overhead. This implementation can be used in practice because it compiles C and C++ programs without modifications, it has high coverage with no false positives, and it has low overhead. WIT's average runtime overhead is only 7% across a set of CPU-intensive benchmarks and is negligible when I/O is the bottleneck.
Periklis Akritidis is a second-year PhD student at the University of Cambridge with the Systems Research Group under the supervision of Dr. Steven Hand.
This is joint work with Cristian Cadar, Costin Raiciu, Manuel Costa and Miguel Castro from Microsoft Research.