SoK: Eternal War in Memory
📜 Abstract
Despite significant advances in software security, memory corruption attacks remain a serious problem. Attackers continue to bypass existing mitigation techniques to hijack non-control data, subvert control flow, or leak sensitive data. This paper surveys current trends in the attack and defense for memory corruption vulnerabilities. We discuss systematic approaches to eliminate classes of vulnerabilities and mitigate the attacks that remain. We also highlight challenges in the evaluation of mitigation effects, highlighting different approaches for measuring the cost and benefits of security mechanisms. Finally, we provide an outlook towards future developments in this field.
✨ Summary
“SoK: Eternal War in Memory” was published in August 2017, and provides a comprehensive survey of the landscape of memory corruption vulnerabilities as well as attack and defense mechanisms. The authors critically analyze current trends in memory-based attacks and explain how attackers bypass existing defenses. Additionally, the paper explores various systematic approaches aimed at eliminating vulnerabilities and mitigating attacks, while also delving into the challenges related to assessing the effectiveness of these mitigation techniques.
This paper has proven influential in the cybersecurity field by offering a detailed framework for understanding the ongoing ‘war’ in memory, guiding researchers in identifying vulnerabilities and formulating defenses against them. A web search reveals this paper is cited in subsequent research on memory safety and exploit prevention strategies.
For instance, it is referenced in papers such as: - “Memory Safety Without Garbage Collection for Embedded Systems” (Source1) - “Secure In-Memory Query Processing for Big Data” (Source2) - “This ‘Internet of Things’ Thing…” which explores system-level security (Source3)
These citations affirm the relevance and ongoing inspirational role of the paper in furthering discussions on exploit prevention and security mechanisms.