Constraint-based Diversification of JOP Gadgets

Rodothea Myrsini Tsoupidi, Roberto Castañeda Lozano, Benoit Baudry
2021 The Journal of Artificial Intelligence Research  
8% of JOP gadgets) with an optimality gap of 10%.  ...  This paper introduces Diversity by Construction (DivCon), a constraint-based compiler approach to software diversification.  ...  Acknowledgments We would like to give a special acknowledgment to Christian Schulte, for his critical contribution at the early stages of this work.  ... 
doi:10.1613/jair.1.12848 fatcat:63qwjpgnfbctvluwfjqem5qkb4

Constraint-based Diversification of JOP Gadgets [article]

Rodothea Myrsini Tsoupidi, Roberto Castañeda Lozano, Benoit Baudry
2021 arXiv   pre-print
This paper introduces Diversity by Construction (DivCon), a constraint-based approach to software diversification.  ...  To further improve the diversification efficiency of DivCon against JOP attacks, we propose an application-specific distance measure tailored to the characteristics of JOP attacks.  ...  Acknowledgments We would like to give a special acknowledgment to Christian Schulte, for his critical contribution at the early stages of this work.  ... 
arXiv:2111.09934v1 fatcat:2hvx2wsxyff6par4u47z66ptba

Constraint-Based Software Diversification for Efficient Mitigation of Code-Reuse Attacks [article]

Rodothea Myrsini Tsoupidi, Roberto Castañeda Lozano, Benoit Baudry
2020 arXiv   pre-print
This paper introduces Diversity by Construction (DivCon), a constraint-based compiler approach to software diversification.  ...  Compiler-based diversification improves the resilience and security of software systems by automatically generating different assembly code versions of a given program.  ...  We would like to give a special acknowledgment to Christian Schulte, for his critical contribution at the early stages of this work.  ... 
arXiv:2007.08955v1 fatcat:arci7lxavveozokixx2kceu4pi

Dwarf Frankenstein is still in your memory: tiny code reuse attacks

AliAkbar Sadeghi, Farzane Aminmansour, Hamid Reza Shahriari
2017 Isecure  
Therefore, the implication of a gadget and the minimum size of an attack chain are a matter of controversy.  ...  The main contribution of this paper is to provide a tricky aspect of code reuse techniques, called tiny code reuse attacks (Tiny-CRA) that demonstrates the ineffectiveness of the threshold based detection  ...  Moreover, due to the use of JOP gadgets in an attack, ROP detections based on implementing a shadow stack, e.g., ROPdefender, are bypassed.  ... 
doi:10.22042/isecure.2017.0.0.4 dblp:journals/isecure/SadeghiAS17 fatcat:mxatws2wg5bfxof7wk7lgxljae

Transparent ROP Exploit Mitigation Using Indirect Branch Tracing

Vasilis Pappas, Michalis Polychronakis, Angelos D. Keromytis
2013 USENIX Security Symposium  
Our approach is based on the detection of abnormal control transfers that take place during ROP code execution.  ...  ROP exploits are facilitated mainly by the lack of complete address space randomization coverage or the presence of memory disclosure vulnerabilities, necessitating additional ROP-specific mitigations.  ...  Any opinions, findings, conclusions, or recommendations expressed herein are those of the authors, and do not necessarily reflect those of the US Government, DARPA, the Air Force, ONR, or Intel.  ... 
dblp:conf/uss/PappasPK13 fatcat:rg4emxjfozaqtnc4ii5aiind4u

Return to the Zombie Gadgets: Undermining Destructive Code Reads via Code Inference Attacks

Kevin Z. Snow, Roman Rogowski, Jan Werner, Hyungjoon Koo, Fabian Monrose, Michalis Polychronakis
2016 2016 IEEE Symposium on Security and Privacy (SP)  
that destroys potentially useful gadgets as they are disclosed by an adversary.  ...  The intuition is that by destroying code as it is read, an adversary is left with no usable gadgets to reuse in a control-flow hijacking attack.  ...  In doing so, leaked function pointers presumably provide too little information to derive the location of useful ROP or JOP gadgets, thus preventing this form of code reuse.  ... 
doi:10.1109/sp.2016.61 dblp:conf/sp/SnowRWKMP16 fatcat:cuh3omdlerdmzczpkw7qhrjyem

Methodologies for Quantifying (Re-)randomization Security and Timing under JIT-ROP [article]

Salman Ahmed, Ya Xiao, Gang Tan, Kevin Snow, Fabian Monrose, Danfeng Yao
2020 arXiv   pre-print
Besides, our results show that locations of leaked pointers used in JIT-ROP attacks have no impacts on gadget availability, but have an impact on how fast attackers find gadgets.  ...  For example, how would one compute the re-randomization interval effectively by considering the speed of gadget convergence to defeat JIT-ROP attacks?  ...  Besides, compilers sometimes emit extra instructions for optimizations that increase gadgets. Reachability of gadgets. We design our experiments based on the availability of various kinds of gadgets.  ... 
arXiv:1910.03034v3 fatcat:ndjpm6vc7fdunis6iyjfneqrrq

Reasoning about Probabilistic Defense Mechanisms against Remote Attacks [article]

Martín Ochoa, Sebastian Banescu, Cynthia Disenfeld, Gilles Barthe, Vijay Ganesh
2017 arXiv   pre-print
However, it is unclear how to quantify and compare the effectiveness of different probabilistic countermeasures or combinations of such countermeasures.  ...  These guarantees shed light on the effectiveness of single countermeasures and their composition and allow practitioners to more precisely gauge the risk of an attack.  ...  of gadget addresses and other nonexecutable data values.  ... 
arXiv:1701.06743v2 fatcat:owc5azj6zbelbkkzbjxjiw5ohe

Strengthening Software Diversity Through Targeted Diversification

Vipin Singh Sehrawat, Yvo Desmedt
unpublished
NOP4Gadgets performs targeted diversification, concentrated around the potential Return Oriented Programming (ROP) gadgets.  ...  We propose the use of the count/percentage of usable and surviving gadgets as the metric to quantify the security impact of software diversity algorithms.  ...  ROP and JOP are the two classes of code reuse attack. The gadgets used in ROP and JOP end with return and jump instructions, respectively. Checkoway et al.  ... 
fatcat:sw2hzgasu5dt3lpt7v6lt5glc4

Protecting the stack with PACed canaries

Hans Liljestrand, Zaheer Gauhar, Thomas Nyman, Jan-Erik Ekberg, N. Asokan
2019 Proceedings of the 4th Workshop on System Software for Trusted Execution - SysTEX '19  
Instead, JOP attacks use sequences of instructions with similar behavior. For instance, instead of a return, a JOP gadget could end with an indirect branch instruction.  ...  Probabilistic defenses Code-reuse attacks depend on finding gadgets. A typical program contains a large amount of code, and so gadgets are typically available.  ... 
doi:10.1145/3342559.3365336 dblp:conf/sosp/LiljestrandGNEA19 fatcat:nrvxdisehbau7kd3ojbkuhtxeu
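The two snippets above (Sehrawat and Desmedt's surviving-gadget metric, and Liljestrand et al.'s observation that a JOP gadget ends in an indirect branch instead of a return) are concrete enough to show in code. The following is an added example, written for this page and not taken from either paper or from DivCon: a minimal x86-64 gadget scanner that recognises the register-direct terminators `ret`, `ret imm16`, `jmp r64` and `call r64`, enumerates candidate gadgets ending at each terminator, and computes how many gadgets of one variant survive (same bytes at the same offset) in a diversified variant. The two "binaries" are hand-assembled byte strings constructed for the example, the diversified variant is hypothetical (a different register assignment plus one inserted `nop`), and the scanner deliberately skips the backwards disassembly that tools such as ROPgadget perform, so it over-approximates the gadget set.

```c
/* Added example: byte-level ROP/JOP gadget scanner and surviving-gadget
 * metric. Not code from any paper listed on this page. Assumptions:
 *  - raw x86-64 code bytes, no disassembler; a gadget is a byte range
 *    ending at a terminator and containing no other terminator;
 *  - only register-direct terminators are recognised;
 *  - a gadget "survives" diversification if the diversified variant has
 *    identical bytes at the same offset (the reuse payload needs both). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_DEPTH   4      /* body bytes allowed before the terminator */
#define MAX_GADGETS 256

enum kind { NONE = 0, ROP_RET, JOP_JMP, JOP_CALL };

typedef struct {
    size_t    start;   /* offset of the first gadget byte */
    size_t    len;     /* body length + terminator length */
    enum kind kind;
} gadget_t;

/* Terminator at p? Returns its kind and encoded length via *tlen. */
static enum kind terminator_at(const uint8_t *p, size_t remaining, size_t *tlen)
{
    if (remaining >= 1 && p[0] == 0xC3) { *tlen = 1; return ROP_RET; }   /* ret       */
    if (remaining >= 3 && p[0] == 0xC2) { *tlen = 3; return ROP_RET; }   /* ret imm16 */
    if (remaining >= 2 && p[0] == 0xFF) {                                /* FF /4, FF /2 */
        if (p[1] >= 0xE0 && p[1] <= 0xE7) { *tlen = 2; return JOP_JMP;  } /* jmp  r64 */
        if (p[1] >= 0xD0 && p[1] <= 0xD7) { *tlen = 2; return JOP_CALL; } /* call r64 */
    }
    return NONE;
}

/* For every terminator, emit one gadget per start offset up to MAX_DEPTH
 * bytes earlier, stopping once the body would contain a terminator.
 * Returns the total number found (only max_out are stored). */
size_t find_gadgets(const uint8_t *code, size_t n, gadget_t *out, size_t max_out)
{
    size_t found = 0;
    for (size_t pos = 0; pos < n; pos++) {
        size_t tlen, dummy;
        enum kind k = terminator_at(code + pos, n - pos, &tlen);
        if (k == NONE) continue;
        for (size_t depth = 0; depth <= MAX_DEPTH && depth <= pos; depth++) {
            size_t start = pos - depth;
            /* The new body byte is at `start`; if it begins a terminator,
             * this and every deeper start would straddle it. */
            if (depth > 0 && terminator_at(code + start, n - start, &dummy) != NONE) break;
            if (found < max_out) out[found] = (gadget_t){ start, depth + tlen, k };
            found++;
        }
    }
    return found;
}

/* Surviving-gadget count: gadgets of `a` whose bytes are unchanged at the
 * same offset in `b`. *total receives the gadget count of `a`. */
size_t surviving_gadgets(const uint8_t *a, size_t na,
                         const uint8_t *b, size_t nb, size_t *total)
{
    gadget_t g[MAX_GADGETS];
    size_t n = find_gadgets(a, na, g, MAX_GADGETS);
    if (n > MAX_GADGETS) n = MAX_GADGETS;
    size_t survived = 0;
    for (size_t i = 0; i < n; i++)
        if (g[i].start + g[i].len <= nb &&
            memcmp(a + g[i].start, b + g[i].start, g[i].len) == 0)
            survived++;
    if (total) *total = n;
    return survived;
}

/* Constructed sample "binaries" (hand-assembled, not from a real program). */
static const uint8_t VARIANT_A[] = {
    0x58,                   /* pop rax           */
    0xC3,                   /* ret        (ROP)  */
    0x5F, 0x5E,             /* pop rdi; pop rsi  */
    0xC3,                   /* ret        (ROP)  */
    0x48, 0x89, 0xD0,       /* mov rax, rdx      */
    0xFF, 0xE0,             /* jmp rax    (JOP)  */
    0x31, 0xC0,             /* xor eax, eax      */
    0xFF, 0xD3,             /* call rbx   (JOP)  */
};
static const uint8_t VARIANT_B[] = {   /* hypothetical diversified build */
    0x58, 0xC3,
    0x5E, 0x5F, 0xC3,       /* different register assignment for the pops */
    0x90,                   /* inserted nop: shifts every later gadget    */
    0x48, 0x89, 0xD0, 0xFF, 0xE0,
    0x31, 0xC0, 0xFF, 0xD3,
};

/* Gadgets in VARIANT_A of a given kind (NONE = all kinds). */
size_t demo_gadget_count(enum kind k)
{
    gadget_t g[MAX_GADGETS];
    size_t n = find_gadgets(VARIANT_A, sizeof VARIANT_A, g, MAX_GADGETS), c = 0;
    for (size_t i = 0; i < n; i++) if (k == NONE || g[i].kind == k) c++;
    return c;
}

/* Survivors of VARIANT_A's gadgets in VARIANT_B. */
size_t demo_survivors(size_t *total)
{
    return surviving_gadgets(VARIANT_A, sizeof VARIANT_A, VARIANT_B, sizeof VARIANT_B, total);
}

int main(void)
{
    size_t total, s = demo_survivors(&total);
    printf("variant A: %zu gadgets (%zu ROP, %zu JOP-jmp, %zu JOP-call)\n",
           demo_gadget_count(NONE), demo_gadget_count(ROP_RET),
           demo_gadget_count(JOP_JMP), demo_gadget_count(JOP_CALL));
    printf("%zu of %zu survive in variant B (%.1f%%)\n", s, total, 100.0 * s / total);
    return 0;
}
```

On the constructed pair the scanner finds 13 gadgets in variant A (5 ending in `ret`, 8 ending in an indirect `jmp`/`call`), of which only the 3 before the inserted `nop` survive in variant B: everything after the insertion point moves by one byte, and the reordered pops change the bytes of the second `ret` gadget's body even though its terminator stays put. The metric is the one proposed in the NOP4Gadgets snippet; how a real diversifier chooses where to perturb, and whether it does so with semantic equivalence guarantees as DivCon does, is what the listed papers evaluate.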

Preventing Code Reuse Attacks On Modern Operating Systems

Marios Pomonis
2020
It also prevents the leakage of return addresses through XOR-based encryption or by hiding them among decoys (fake pointers to instructions that trap the kernel when executed).  ...  The leakage of code pointers is an essential step for the construction of reliable code reuse exploits and their corruption is typically necessary for mounting the attack.  ...  In principle, kR^X may employ any leakage-resilient code diversification scheme to defend against (in)direct (JIT-)ROP/JOP.  ... 
doi:10.7916/d8-83r5-1c58 fatcat:zurdcl4ksvdrhcfisfghb5owxu

ret2dir: Rethinking Kernel Isolation

Vasileios P. Kemerlis, Michalis Polychronakis, Angelos D. Keromytis
2014 USENIX Security Symposium  
Unfortunately, although mechanisms like the above prevent the explicit sharing of the virtual address space among user processes and the kernel, conditions of implicit sharing still exist due to fundamental  ...  Finally, to defend against ret2dir attacks, we present the design and implementation of an exclusive page frame ownership scheme for the Linux kernel that prevents the implicit sharing of physical memory  ...  Any opinions, findings, conclusions, or recommendations expressed herein are those of the authors, and do not necessarily reflect those of the US Government, DARPA, the Air Force, or Intel.  ... 
dblp:conf/uss/KemerlisPK14 fatcat:br4plyv5kngqhe4q257k33pkry

Defending against Return-Oriented Programming

Vasileios Pappas
2017
Their effectiveness is based on breaking an invariant of ROP attacks: knowledge of the code layout, and a common characteristic: unrestricted use of indirect branches.  ...  These transformations effectively eliminate 10%, and probabilistically break 80% of the useful instruction sequences found in a large set of PE files.  ...  The use of JOP or call-preceded gadgets, however, can circumvent this protection.  ... 
doi:10.7916/d8cz35vh fatcat:6ziifdx5ejg5ljvrg476gc4jja

Binary Exploitation in Industrial Control Systems: Past, Present and Future

Qi Liu, Kaibin Bao, Veit Hagenmeyer
2022
At the end, we conclude this work by stressing the importance of network-based intrusion detection, considering the dominance of resource-constrained real-time embedded devices, low-end embedded devices  ...  industrial internet of things (IIoT), we argue that we will see an increased number of cyber attacks leveraging binary exploitation on ICS in the near future.  ...  A generalization of randomization-based approaches is automated software diversity [141], [142], which presents various forms of randomization/diversification, with distinct diversification targets  ... 
doi:10.5445/ir/1000146568 fatcat:e2vc46v7wzar5pceqch3pkgone

Sponge-Based Control-Flow Protection for IoT Devices [article]

Mario Werner, Thomas Unterluggauer, David Schaffenrath, Stefan Mangard
2018 arXiv   pre-print
In this work, we present Sponge-based Control Flow Protection (SCFP). SCFP is a stateful, sponge-based scheme to ensure the confidentiality of software IP and its authentic execution on IoT devices.  ...  Embedded devices in the Internet of Things (IoT) face a wide variety of security challenges.  ...  , e.g., software diversification [18].  ... 
arXiv:1802.06691v1 fatcat:2oil6wsjevh5xclbf3qyxcpza4