Our final technique pertains to insertion of checks around critical operations in the code cache. Using checks like this is called sandboxing. The problem with sandboxing by itself, say inserted by a compiler, is that if the attacker gains control, he can bypass the checks. Checks that are inserted by DynamoRIO, however, are un-circumventable. This is because DynamoRIO enforces unique entry points. Let's see what happens if an attacker attempts to target the middle of a basic block. This block has had checks placed around its system call.
|Copyright © 2004 Derek Bruening|