
Return-Oriented Programming in RISC-V [article]

Garrett Gu, Hovav Shacham
2020 arXiv pre-print
RISC-V is an open-source hardware ISA based on the RISC design principles, and has been the subject of some novel ROP mitigation technique proposals due to its open-source nature.  ...  We show that RISC-V ROP can be used to perform Turing complete calculation and arbitrary function calls by leveraging gadgets found in a version of the GNU libc library.  ...  Availability We make the Brainfuck-to-RISC-V-ROP compiler available at https://garrettgu10.github.io/fuck-riscvrop/ and we make its full source code available at https://github.com/garrettgu10/fuck-riscv-rop  ... 
arXiv:2007.14995v1 fatcat:45qy62uqnvfubkxekif4dlmp3e

Return-Oriented Programming

Ryan Roemer, Erik Buchanan, Hovav Shacham, Stefan Savage
2012 ACM Transactions on Information and System Security (since renamed ACM Transactions on Privacy and Security)
We introduce return-oriented programming, a technique by which an attacker can induce arbitrary behavior in a program whose control flow he has diverted, without injecting any code.  ...  Return-oriented programming defeats the W⊕X protections recently deployed by Microsoft, Intel, and AMD; in this context, it can be seen as a generalization of traditional return-into-libc attacks.  ...  for his detailed comments on versions of the manuscript; members of the MIT Cryptography and Information Security Seminar, Berkeley Systems Lunch, and Stanford Security Lunch for their comments on early  ...
doi:10.1145/2133375.2133377 fatcat:absjthdgozevpiuzpht67vhfva

CHERI: A Hybrid Capability-System Architecture for Scalable Software Compartmentalization

Robert N.M. Watson, Jonathan Woodruff, Peter G. Neumann, Simon W. Moore, Jonathan Anderson, David Chisnall, Nirav Dave, Brooks Davis, Khilan Gudka, Ben Laurie, Steven J. Murdoch, Robert Norton (+3 others)
2015 IEEE Symposium on Security and Privacy
We describe how CHERI capabilities can also underpin a hardware-software object-capability model for application compartmentalization that can mitigate broader classes of attack.  ...  CHERI extends a conventional RISC Instruction-Set Architecture, compiler, and operating system to support fine-grained, capability-based memory protection to mitigate memory-related vulnerabilities in  ...  However, our current prototypes scratch only the surface of the possible explorations that could be performed, and we hope to continue this work in the following ways.  ... 
doi:10.1109/sp.2015.9 dblp:conf/sp/WatsonWNMACDDGL15 fatcat:gd6ypvyzlzhwzp4a6xfwb537zi

Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications

Felix Schuster, Thomas Tendyck, Christopher Liebchen, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz
2015 IEEE Symposium on Security and Privacy
Code reuse attacks such as return-oriented programming (ROP) have become prevalent techniques to exploit memory corruption vulnerabilities in software programs.  ...  Our novel attack technique, denoted as counterfeit object-oriented programming (COOP), induces malicious program behavior by only invoking chains of existing C++ virtual functions in a program through  ...  ACKNOWLEDGMENT We thank the anonymous reviewers and Herbert Bos for their constructive comments that guided the final version of this paper.  ... 
doi:10.1109/sp.2015.51 dblp:conf/sp/SchusterTLDSH15 fatcat:zokjzurkevaw3jnliawvwlzaki

Preventing Ransomware Attacks Through File System Filter Drivers

Giovanni Bottazzi, Giuseppe F. Italiano, Domenico Spera
2018 Italian Conference on Cybersecurity  
Our approach differs from the above by shifting the focus from removing the problem to mitigating damages, to ensure data availability despite malware attacks.  ...  Over the last few years ransomware attacks have been spreading widely over the Internet, indiscriminately targeting home users as well as corporations and public agencies.  ...  When a callback routine returns, it calls, in order, the next registered Minifilter callback routine.  ...
dblp:conf/itasec/BottazziIS18 fatcat:4yxnpvcj3bdjhf7gq3r6ttt3d4

ROPMEMU

Mariano Graziano, Davide Balzarotti, Alain Zidouemba
2016 Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security - ASIA CCS '16  
Code reuse attacks based on return oriented programming (ROP) are becoming more and more prevalent every year.  ...  They started as a way to circumvent operating systems protections against injected code, but they are now also used as a technique to keep the malicious code hidden from detection and analysis systems.  ...  Return Oriented Programming Security countermeasures introduced in the last decade in modern operating systems forced attackers to adapt and find new ways to exploit programs.  ... 
doi:10.1145/2897845.2897894 dblp:conf/ccs/GrazianoBZ16 fatcat:pahe2mrbefdzlmcuxdd7lcjzua

Protecting the stack with PACed canaries

Hans Liljestrand, Zaheer Gauhar, Thomas Nyman, Jan-Erik Ekberg, N. Asokan
2019 Proceedings of the 4th Workshop on System Software for Trusted Execution - SysTEX '19  
In this section, I will present the early progression of attacks, from code injection [149, 108] to return-oriented programming (ROP) [141].  ...  Moreover, advanced attack techniques such as just-in-time return-oriented programming (JIT-ROP) can discover new gadgets while executing a ROP attack [145].  ...
doi:10.1145/3342559.3365336 dblp:conf/sosp/LiljestrandGNEA19 fatcat:nrvxdisehbau7kd3ojbkuhtxeu

Taming Transactions: Towards Hardware-Assisted Control Flow Integrity Using Transactional Memory [chapter]

Marius Muench, Fabio Pagani, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna, Davide Balzarotti
2016 Lecture Notes in Computer Science  
Control Flow Integrity (CFI) is a promising defense technique against code-reuse attacks.  ...  This way, violations of the intended control flow graph would trigger transactional aborts, which constitutes the core of our TSX-based CFI solution.  ...  Return Oriented Programming (ROP), for instance, relies on the fact that a set of so-called gadgets, each ending with a return instruction, can be chained together to form a more complex piece of code.  ...
doi:10.1007/978-3-319-45719-2_2 fatcat:bet7i7wsfjgarhfajvihjgilpy
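The gadget-chaining mechanism described in the snippet above (and in the Roemer et al. abstract earlier in this list) is easy to see in code. The following is an added example, not code from any of the listed papers: it scans a constructed x86-64 byte stream for "pop r64; ret" gadgets, including one that is not an intended instruction (the bytes 5f c3 sit inside the immediate of a mov), and then lays out the stack words that would make the program call target(arg1, arg2) under the SysV AMD64 calling convention. The sample bytes, the load address SAMPLE_BASE and the target address 0x401800 are all assumptions made for the example.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical load address for the sample bytes below (an assumption). */
#define SAMPLE_BASE 0x401000ULL

/* Constructed x86-64 byte stream standing in for a slice of a binary's .text
 * section; it is not taken from any real library. Layout:
 *   0: 55                    push rbp
 *   1: 48 89 e5              mov  rbp, rsp
 *   4: 48 c7 c0 5f c3 00 00  mov  rax, 0xc35f  (entered at offset 7 this reads
 *                              as the unintended gadget "pop rdi; ret")
 *  11: 41 5e c3              pop  r14; ret     (entered at 12: "pop rsi; ret")
 *  14: c9 c3                 leave; ret
 *  16: 5b c3                 pop  rbx; ret
 *  18: c3                    ret
 */
static const uint8_t sample_text[] = {
    0x55, 0x48, 0x89, 0xe5,
    0x48, 0xc7, 0xc0, 0x5f, 0xc3, 0x00, 0x00,
    0x41, 0x5e, 0xc3,
    0xc9, 0xc3,
    0x5b, 0xc3,
    0xc3,
};

static const char *const reg_names[16] = {
    "rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
    "r8",  "r9",  "r10", "r11", "r12", "r13", "r14", "r15",
};

typedef struct {
    uint64_t addr; /* entry address of the gadget */
    int reg;       /* register popped; index into reg_names */
} gadget_t;

/* Scan for "pop r64; ret" gadgets. Every 0xc3 (ret) is a candidate end; the
 * byte(s) before it are decoded as a one-byte pop (0x58+r for rax..rdi) or a
 * REX.B-prefixed two-byte pop (0x41 0x58+r for r8..r15). x86 has no instruction
 * alignment, so a ret found inside a longer instruction is just as usable as an
 * intended one. Returns the number of gadgets written to out. */
size_t find_pop_ret_gadgets(const uint8_t *text, size_t len, uint64_t base,
                            gadget_t *out, size_t max)
{
    size_t n = 0;
    for (size_t i = 1; i < len && n < max; i++) {
        if (text[i] != 0xc3)
            continue;
        /* two-byte form ending at i: 41 5x c3 */
        if (i >= 2 && text[i - 2] == 0x41 && text[i - 1] >= 0x58 && text[i - 1] <= 0x5f) {
            out[n].addr = base + (i - 2);
            out[n].reg = 8 + (text[i - 1] - 0x58);
            n++;
            if (n == max)
                break;
        }
        /* one-byte form ending at i: 5x c3 (also the tail of the form above) */
        if (text[i - 1] >= 0x58 && text[i - 1] <= 0x5f) {
            out[n].addr = base + (i - 1);
            out[n].reg = text[i - 1] - 0x58;
            n++;
        }
    }
    return n;
}

/* Pick the first gadget that pops the requested register, or NULL. */
static const gadget_t *gadget_for(const gadget_t *g, size_t n, int reg)
{
    for (size_t i = 0; i < n; i++)
        if (g[i].reg == reg)
            return &g[i];
    return NULL;
}

/* Build the stack words for target(arg1, arg2) (SysV AMD64: rdi = arg1,
 * rsi = arg2). The first word overwrites the saved return address; each ret
 * then pops the next word into rip, so the stack itself sequences the gadgets.
 * Returns the number of words, or 0 if a needed gadget is missing. */
size_t build_call_chain(const gadget_t *g, size_t n, uint64_t arg1, uint64_t arg2,
                        uint64_t target, uint64_t *chain, size_t max)
{
    const gadget_t *pop_rdi = gadget_for(g, n, 7);
    const gadget_t *pop_rsi = gadget_for(g, n, 6);
    if (!pop_rdi || !pop_rsi || max < 5)
        return 0;
    chain[0] = pop_rdi->addr; /* ret -> pop rdi; ret */
    chain[1] = arg1;          /* popped into rdi */
    chain[2] = pop_rsi->addr; /* ret -> pop rsi; ret */
    chain[3] = arg2;          /* popped into rsi */
    chain[4] = target;        /* ret -> target(arg1, arg2) */
    return 5;
}

int main(void)
{
    gadget_t g[16];
    size_t n = find_pop_ret_gadgets(sample_text, sizeof sample_text, SAMPLE_BASE, g, 16);
    for (size_t i = 0; i < n; i++)
        printf("0x%" PRIx64 ": pop %s; ret\n", g[i].addr, reg_names[g[i].reg]);

    uint64_t chain[8];
    size_t len = build_call_chain(g, n, 0x1111, 0x2222, 0x401800ULL, chain, 8);
    for (size_t i = 0; i < len; i++)
        printf("stack[%zu] = 0x%" PRIx64 "\n", i, chain[i]);
    return len == 5 ? 0 : 1;
}
```

The scanner finds four gadgets in the 19 sample bytes, two of which (offsets 7 and 12) share bytes with other instructions; this is the point the W⊕X discussion turns on: no injected code is needed, only return addresses into bytes the binary already maps as executable. A CFI scheme of the kind the snippet describes would reject the chain because the return at offset 8 never returns to a legitimate call site.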

RockJIT

Ben Niu, Gang Tan
2014 Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS '14  
The danger to a JIT compiler is that an attacker can often control the input program and use it to trigger a vulnerability in the JIT compiler to launch code injection or JIT spraying attacks.  ...  a small amount of changes to V8's code.  ...  This research is supported by US NSF grants CCF-1217710 and CCF-1149211, China NNSF grant 61272086, and a research award from Google.  ... 
doi:10.1145/2660267.2660281 dblp:conf/ccs/NiuT14 fatcat:xgz62iicqbfzpkyv3c6ffhiz34

Weird machines, exploitability, and provable unexploitability

Thomas F. Dullien
2017 IEEE Transactions on Emerging Topics in Computing  
The paper also shows, somewhat counterintuitively, that it is feasible to design some software in a way that even powerful attackers, with the ability to corrupt memory once, cannot gain an advantage.  ...  This paper clarifies a number of these concepts, provides a clear definition of exploit, a clear definition of the concept of a weird machine, and how programming of a weird machine leads to exploitation  ...  Intuitively, a program has gone 'off the rails' or a bug has occurred when the concrete CPU has entered a state that has no clean equivalent in the IFSM, when the state of the CPU neither maps to a valid  ...
doi:10.1109/tetc.2017.2785299 fatcat:n6viil4wibdtpilrzy4yk2xlja

Unlimited Lives: Secure In-Process Rollback with Isolated Domains [article]

Merve Turhan, Thomas Nyman, Christoph Baumann, Jan Tobias Mühlberg
2022 arXiv pre-print
Although well-known defenses that detect and mitigate memory-safety related issues exist, they don't address the challenge of software resilience, i.e., whether a system under attack can continue to carry  ...  The use of unsafe programming languages still remains one of the major root causes of software vulnerabilities.  ...  We further thank Stijn Volckaert and his team at KU Leuven, Ghent, for providing the infrastructure to run our experiments, and for his feedback on our work.  ...
arXiv:2205.03205v1 fatcat:oxfh7viwrrb4ffdodxrl2ru4pm

CONFIRM: Evaluating Compatibility and Relevance of Control-flow Integrity Protections for Modern Software

Xiaoyang Xu, Masoud Ghaffarinia, Wenhao Wang, Kevin W. Hamlen, Zhiqiang Lin
2019 USENIX Security Symposium  
programming attacks).  ...  Although CFI has become a mainstay of protecting certain classes of software from code-reuse attacks, and continues to be improved by ongoing research, its ability to preserve intended program functionalities  ...  Acknowledgments The authors thank Tyler Bletsch, Dimitar Bounov, Mihai Budiu, Yueqiang Cheng, Xuhua Ding, Hong Hu, Jay Ligatti, Ben Niu, Mathias Payer, Michalis Polychronakis, R.  ... 
dblp:conf/uss/XuGWHL19 fatcat:cosrdv25rbeyrbjneyj4h5yfd4

New Results for Timing-Based Attestation

Xeno Kovah, Corey Kallenberg, Chris Weathers, Amy Herzog, Matthew Albin, John Butterworth
2012 IEEE Symposium on Security and Privacy
To address this topic, we present the three conditions required to execute such an attack, and how past attacks and defenses relate to these conditions.  ...  for the attacker.  ...  The ability for an attacker to corrupt return addresses and have our code return to attacker code undetected was one area we mitigated.  ... 
doi:10.1109/sp.2012.45 dblp:conf/sp/KovahKWHAB12 fatcat:t653hxfvqrgdlkbubnjj2zawfe

Overcoming Security Challenges in Microservice Architectures

Tetiana Yarygina, Anya Helene Bagge
2018 IEEE Symposium on Service-Oriented System Engineering (SOSE)
A natural progression of this work is to propose an architectural style that incorporates basic security principles.  ...  RESTUS partially addresses the security issues of the stateless resource constraint, but not the issues related to the cache and code-on-demand constraints.  ...  The attacker exploits the server through a stack-based buffer overflow using a standard ROP (return-oriented programming) exploit, with the target having ASLR and the NX bit enabled.  ...
doi:10.1109/sose.2018.00011 dblp:conf/sose/YaryginaB18 fatcat:54wjuoxxhff2tlldyvowt2p2em

The Security Reference Architecture for Blockchains: Towards a Standardized Model for Studying Vulnerabilities, Threats, and Defenses [article]

Ivan Homoliak, Sarad Venugopalan, Qingze Hum, Daniel Reijsbergen, Richard Schumi, Pawel Szalachowski
2020 arXiv   pre-print
To fill this gap, the main focus of our work is to systematize and extend the knowledge about the security and privacy aspects of blockchains and contribute to the standardization of this domain.  ...  We propose the security reference architecture (SRA) for blockchains, which adopts a stacked model (similar to the ISO/OSI) describing the nature and hierarchy of various security and privacy aspects.  ...  However, it is important to note that the code executed in the TEE is assumed to be bug-free, and thus one might not use return-oriented programming or other techniques to exfiltrate sealed  ...
arXiv:1910.09775v2 fatcat:xvxnekjhtbbt7dc4b3kxy3m6xi