Computer Science ›› 2010, Vol. 37 ›› Issue (1): 153-157.

• Software Engineering and Database Technology •

Research on Access-Control-Based Dynamic Taint Techniques for Attack Detection

WANG Lei, MAO Bing, XIE Li

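  1. (State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210093); (Department of Computer Science and Technology, Nanjing University, Nanjing 210093)
  • Publication date: 2018-12-01 Release date: 2018-12-01
  • Funding:
    This work was supported by the National Natural Science Foundation of China (60773171, 90818022, 60721002), the National 863 High-Tech Program (2007AA012448), the National 973 Key Basic Research Program (2009CB320706), and the Natural Science Foundation of Jiangsu Province (BK2007136).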

Memory Corruption Detection Based on Dynamic Taint Analysis and Access Control

WANG Lei, MAO Bing, XIE Li

  • Online: 2018-12-01 Published: 2018-12-01

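Abstract: Memory corruption attacks account for a large proportion of software security attacks. Recently, dynamic taint analysis has received increasing attention; this technique defends against attacks by checking the integrity of pointers when memory is accessed. However, there are attacks that can bypass the pointer integrity check, such as out-of-bounds array access attacks. This paper proposes a method based on dynamic taint tracking analysis to address this class of attacks that existing taint techniques cannot detect. The idea, which borrows from memory access control, is to first check the integrity of the pointer at memory access time, as existing dynamic taint techniques do, and then check whether the memory region the pointer is about to access lies within that pointer's legitimate access range. The prototype system is based on Valgrind and does not require source code, so it can be applied to much commercial software. Preliminary experimental results show that the method can effectively detect many types of attacks, and that the system's performance overhead is close to that of Memcheck, a commonly used memory error detection tool.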

Keywords: Memory corruption attacks, Pointer tainting, Memory access

Abstract: Memory corruption attacks account for most of the malicious attacks against software security. Recently, dynamic taint analysis was proposed and has been gaining momentum. This technique attempts to defeat attacks by checking the taintedness and integrity of pointers when accessing memory. Unfortunately, there exists a class of attacks that do not taint pointers, such as array bounds violation attacks using pointers. We propose a novel approach to defeat this kind of undetected attack using taint-based tracking analysis. Our notion is based on memory access control; that is, first, we check the taintedness of the pointers when accessing memory, like existing taint-based approaches; second, we check whether or not the memory area pointed to by the pointer is in the legitimate range of the accessing pointer. Our implementation does not need source code and is based on Valgrind, hence it works on commodity software. To demonstrate our idea, we performed preliminary empirical experiments; the results are quite promising: our system can effectively detect a wide range of attacks, and the average runtime overhead is close to that of Memcheck, a widely used memory error detector.

Key words: Memory corruption attacks, Taint pointers, Memory access
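The two-step check described in the abstract, as an added example that is not the paper's Valgrind-based implementation: a toy C model of a copy loop whose destination pointer is never tainted yet walks past its buffer. The `cptr` metadata record, the function names, the 8-byte buffer layout and the input bytes are all assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model: shadow metadata tracked for one pointer. */
typedef struct {
    unsigned char *addr;   /* current pointer value */
    unsigned char *base;   /* start of the object the pointer was derived from */
    unsigned char *limit;  /* one past the end of that object */
    int tainted;           /* 1 if the pointer value itself derives from untrusted input */
} cptr;

enum verdict { ALLOW, DENY_TAINTED, DENY_RANGE };
enum { BUF_LEN = 8, FLAG_OFF = 8, MEM_LEN = 16 };  /* bytes 0..7 buffer, byte 8 adjacent flag */

/* Step 1 alone: the decision a pointer-taint check makes on its own. */
static enum verdict check_taint(const cptr *p) {
    return p->tainted ? DENY_TAINTED : ALLOW;
}

/* Step 1 then step 2: taint check, then legitimate-range check for a size-byte access. */
static enum verdict check_access(const cptr *p, size_t size) {
    if (p->tainted) return DENY_TAINTED;
    if (p->addr < p->base || p->addr > p->limit) return DENY_RANGE;
    if (size > (size_t)(p->limit - p->addr)) return DENY_RANGE;
    return ALLOW;
}

/* Copies n (<= MEM_LEN) untrusted bytes via dst++ and returns the verdict that
   stopped the copy, or ALLOW if every byte was written. */
static enum verdict guarded_copy(unsigned char *mem, const unsigned char *src,
                                 size_t n, int with_range) {
    cptr dst = { mem, mem, mem + BUF_LEN, 0 };
    for (size_t i = 0; i < n; i++) {
        enum verdict v = with_range ? check_access(&dst, 1) : check_taint(&dst);
        if (v != ALLOW) return v;
        *dst.addr++ = src[i];  /* data is tainted; the constant-stride pointer is not */
    }
    return ALLOW;
}

int main(void) {
    unsigned char a[MEM_LEN] = {0}, b[MEM_LEN] = {0};
    const unsigned char in[9] = { 'A','A','A','A','A','A','A','A', 1 };  /* constructed input */
    int va = guarded_copy(a, in, sizeof in, 0), vb = guarded_copy(b, in, sizeof in, 1);
    printf("taint only:  verdict=%d flag=%d\n", va, a[FLAG_OFF]);
    printf("taint+range: verdict=%d flag=%d\n", vb, b[FLAG_OFF]);
    return 0;
}
```

With the taint check alone the ninth byte lands on the adjacent flag; adding the range check stops the copy at the buffer boundary and leaves the flag untouched.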
