dc.description.abstract | The original control flow of a program is designed by its developers, but attackers may change the control flow through vulnerabilities in the program. The control flow is then redirected to code that the attackers intend to execute, which is called “abnormal control hijacking” in this dissertation. When abnormal control flow hijacking occurs, the program itself cannot handle the abnormality. General operating systems are only able to deal with normal exceptions or errors. However, a control flow hijacking attack redirects the program’s control flow to the injected code or the intended code, so general operating systems cannot detect the abnormality. In this dissertation, we try to improve the abnormal control flow hijacking countermeasures in general operating systems.
In this dissertation, we discuss three kinds of countermeasures against abnormal control flow hijacking. For software testing, ARMORY is proposed to uncover program buffer overflow defects. For networks, Serum System is a scanning-worm detection mechanism and countermeasure. For mobile devices, ICCDroid inspects abnormal inter-component communication hijacking in the Android operating system.
Many famous worms and attacks exploit buffer overflow defects to compromise victim hosts. As a result, on the one hand, we apply security testing to uncover program buffer overflow defects and reduce the possible defects; on the other hand, we add checks to the sys_read-related system calls to determine whether an input string is a buffer overflow attack string. If the input string is detected as a buffer overflow attack string, we try to cure the attacking hosts. In addition, the most popular smartphone operating system, Android, makes heavy use of inter-component communications (ICCs) in order to reuse the functionality of other applications’ components. If applications do not properly protect their basic components and the ICC, malicious applications may trigger the execution flow of the vulnerable applications or hijack the content of the communications. Therefore, we enforce additional security checks to look over the receivers list and notify users of possible ICC hijacking and malicious behaviors. In addition, ICCDroid records all the communications between components for further analysis. | en_US |