Scenarios for hijacking execution flow of .NET managed code

Document Type

Conference Proceeding

Publication Date

12-1-2004

Abstract

Although managed code when executed by Common Language Runtime (CLR) is viewed as an environment with verifiable paths of execution, this assertion holds true only when the entire communication code-base on the machine is managed. One known threat to execution flow integrity is when CIL assembly calls into unmanaged code - at that point the security of the entire application, including its managed parts is unverifiable. However, there is a greater danger of security breach of managed code - if there is any legacy based service/daemon running, thus accepting previously unverified input (e.g. IIS, Apache, SQL, SNMP, SMTP, IMAP, FTP, etc.), managed code execution flow cannot be guaranteed, since managed code execution flow could be hijacked out of the CLR engine in ways discussed in this paper. This vulnerability must be taken into consideration prior to product deployment due to its dependency on multiple unknown intrusion points through legacy code, and industry's heavy investment in such.

Identifier

12244275965 (Scopus)

ISBN

[1932415378, 9781932415377]

Publication Title

Proceedings of the International Conference on Security and Management SAM 04

First Page

168

Last Page

172

This document is currently not available here.

Share

COinS