Control Flow and Code Integrity for COTS binaries

Mingwei Zhang, R. Sekar
2015 Proceedings of the 31st Annual Computer Security Applications Conference on - ACSAC 2015  
Through experimental evaluation, we demonstrate that our CFI implementation is effective against control-flow hijack attacks, and eliminates the vast majority of ROP gadgets.  ...  Control-Flow Integrity (CFI) has been recognized as an important low-level security property.  ...  Acknowledgements We are very grateful to the developers of Katana, especially James Oakley for his quick and very helpful responses to our questions.  ... 
doi:10.1145/2818000.2818016 dblp:conf/acsac/ZhangS15 fatcat:chj3krubcneurm6dy2727yc2fi

Binary stirring

Richard Wartell, Vishwath Mohan, Kevin W. Hamlen, Zhiqiang Lin
2012 Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12  
Attackers can exploit this limitation to craft robust shell codes for such applications, as demonstrated by a recent attack that reuses instruction gadgets from the static binary code of victim applications  ...  Therefore, even if an attacker can find code gadgets in one instance of the binary, the instruction addresses in other instances are unpredictable.  ...  ACKNOWLEDGMENTS We thank David Brumley and Edward Schwartz for sharing Q [50] to better evaluate our system.  ... 
doi:10.1145/2382196.2382216 dblp:conf/ccs/WartellMHL12 fatcat:njkb45kzhffjloul34ifgmp45i

Control Flow Integrity for COTS Binaries

Mingwei Zhang, R. Sekar
2013 USENIX Security Symposium  
Acknowledgements We are very grateful to the developers of Katana, especially James Oakley for his quick and very helpful responses to our questions.  ...  Also we thank Edward Schwartz for his technique support.  ...  in an attack. 8 Related Work ROP Attacks and Defenses Return Oriented Programming (ROP) [38] is a powerful code reuse attack.  ... 
dblp:conf/uss/ZhangS13 fatcat:jzzurr5b3zbxhpqp2qwv5m2v3q

A platform for secure static binary instrumentation

Mingwei Zhang, Rui Qiao, Niranjan Hasabnis, R. Sekar
2014 Proceedings of the 10th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments - VEE '14  
We illustrate the versatility of PSI by developing several instrumentation applications: basic block counting, shadow stack defense against control-flow hijack and return-oriented programming attacks,  ...  Program instrumentation techniques form the basis of many recent software security defenses, including defenses against common exploits and security policy enforcement.  ...  While their approach is useful against buffer overflow attacks on return addresses, they are not effective against ROP attacks that mainly use unintended return instructions, as there will be no shadow  ... 
doi:10.1145/2576195.2576208 dblp:conf/vee/ZhangQHS14 fatcat:4sr2mtbiwbfrpgewki62xvfsiq

A platform for secure static binary instrumentation

Mingwei Zhang, Rui Qiao, Niranjan Hasabnis, R. Sekar
2014 SIGPLAN notices  
We illustrate the versatility of PSI by developing several instrumentation applications: basic block counting, shadow stack defense against control-flow hijack and return-oriented programming attacks,  ...  Program instrumentation techniques form the basis of many recent software security defenses, including defenses against common exploits and security policy enforcement.  ...  While their approach is useful against buffer overflow attacks on return addresses, they are not effective against ROP attacks that mainly use unintended return instructions, as there will be no shadow  ... 
doi:10.1145/2674025.2576208 fatcat:kxlga5pqljdwzkb3lljzgwhfx4

Practical Control Flow Integrity and Randomization for Binary Executables

Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, L. Szekeres, S. McCamant, Dawn Song, Wei Zou
2013 2013 IEEE Symposium on Security and Privacy  
Control Flow Integrity (CFI) provides a strong protection against modern control-flow hijacking attacks. However, performance and compatibility issues limit its adoption.  ...  Based on these approaches, CCFIR can stop control-flow hijacking attacks including ROP and return-into-libc. Results show that ROP gadgets are all eliminated.  ...  In summary, our CCFIR protection approach has the following key advantages: • Robust protection: provides strong defense against control-flow hijacking attacks including return-to-libc and ROP.  ... 
doi:10.1109/sp.2013.44 dblp:conf/sp/ZhangWCDSMSZ13 fatcat:4wpiakww7jem5oipi7gx6pb44u

Securing Legacy Software against Real-World Code-Reuse Exploits

Ahmad-Reza Sadeghi, Lucas Davi, Per Larsen
2015 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security - ASIA CCS '15  
We also provide a brief analysis and categorization of existing defensive techniques and ongoing work in the areas of code randomization and control-flow integrity, and cover both hardware and software-based  ...  Moreover, it remains to be seen whether these prototype defenses can be matured and integrated into operating systems, compilers, and other systems software.  ...  As with many real-world ROP attacks, the disclosure of a single runtime memory address is sufficient.  ... 
doi:10.1145/2714576.2737090 dblp:conf/ccs/SadeghiDL15 fatcat:uboz4povh5bs5az6uyznfk2s3u

Strict Virtual Call Integrity Checking for C++ Binaries

Mohamed Elsabagh, Dan Fleck, Angelos Stavrou
2017 Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security - ASIA CCS '17  
In addition, we discuss how VCI defends against real-world attacks, and how it impacts advanced vtable reuse attacks such as COOP.  ...  However, attackers can bypass these defenses by crafting attacks that reuse existing code in a program's memory.  ...  Acknowledgments We thank the anonymous reviewers for their valuable comments. This material is based on work supported by the National Science Foundation (NSF) under grant no.  ... 
doi:10.1145/3052973.3052976 dblp:conf/ccs/ElsabaghFS17 fatcat:wqfuadxqhbbmpfcuuhrd34wrwy

Securing untrusted code via compiler-agnostic binary rewriting

Richard Wartell, Vishwath Mohan, Kevin W. Hamlen, Zhiqiang Lin
2012 Proceedings of the 28th Annual Computer Security Applications Conference on - ACSAC '12  
An implementation of REINS for Microsoft Windows demonstrates that it is effective and practical for a real-world OS and architecture, introducing only about 2.4% runtime overhead to rewritten binaries  ...  Binary code from untrusted sources remains one of the primary vehicles for malicious software attacks.  ...  It is possible for an attacker to craft ROP [33] or Q [31] shell code to overwrite the stack pointer and break the internal control flows, but the attacker must ultimately manipulate the arguments  ... 
doi:10.1145/2420950.2420995 dblp:conf/acsac/WartellMHL12 fatcat:zdze6nmbwzfvtkwoeonw6ytwvi

Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection

Lucas Davi, Ahmad-Reza Sadeghi, Daniel Lehmann, Fabian Monrose
2014 USENIX Security Symposium  
To counter this ingenious attack strategy, several proposals for enforcement of (coarse-grained) control-flow integrity (CFI) have emerged.  ...  In this paper, we provide the first comprehensive security analysis of various CFI solutions (covering kBouncer, ROPecker, CFI for COTS binaries, ROP-Guard, and Microsoft EMET 4.1).  ...  Snow and Úlfar Erlingsson for their valuable feedback on earlier versions of this paper.  ... 
dblp:conf/uss/DaviSLM14 fatcat:pjdqrachyrctxc3e6ztsri6tme

A Principled Approach for ROP Defense

Rui Qiao, Mingwei Zhang, R. Sekar
2015 Proceedings of the 31st Annual Computer Security Applications Conference on - ACSAC 2015  
Return-Oriented Programming (ROP) is an effective attack technique that can escape modern defenses such as DEP.  ...  In this work, we address this challenge by presenting a principled approach for ROP defense on COTS binaries.  ...  Experimental Evaluation of ROP Defense We evaluated the effectiveness of our approach using two real-world ROP attacks.  ... 
doi:10.1145/2818000.2818021 dblp:conf/acsac/QiaoZS15 fatcat:3frefhwfabgurdttmxdoiqsvee

Lightweight and Seamless Memory Randomization for Mission-Critical Services in a Cloud Platform

Joobeom Yun, Ki-Woong Park, Dongyoung Koo, Youngjoo Shin
2020 Energies  
Among them, code-reuse attacks are still an effective means of abusing software vulnerabilities.  ...  for system modifications, and the need for recompiling source codes or restarting processes.  ...  Author Contributions: J.Y. and Y.S. contributed the ideas and wrote the paper; D.K. designed and conducted the experiments; K.-W.P. performed the security analysis.  ... 
doi:10.3390/en13061332 fatcat:zlahmlnpiffvxni2gytlzmtuxu

Readactor: Practical Code Randomization Resilient to Memory Disclosure

Stephen Crane, Christopher Liebchen, Andrei Homescu, Lucas Davi, Per Larsen, Ahmad-Reza Sadeghi, Stefan Brunthaler, Michael Franz
2015 2015 IEEE Symposium on Security and Privacy  
Code-reuse attacks such as return-oriented programming (ROP) pose a severe threat to modern software. Designing practical and effective defenses against code-reuse attacks is highly challenging.  ...  In this paper, we address the deficiencies of existing solutions and present the first practical, fine-grained code randomization defense, called Readactor, resilient to both static and dynamic ROP attacks  ...  ACKNOWLEDGMENT The authors thank the anonymous reviewers, Mathias Payer, Robert Turner, and Mark Murphy for their detailed and constructive feedback.  ... 
doi:10.1109/sp.2015.52 dblp:conf/sp/CraneLHDLSBF15 fatcat:xtmbvvluhbeeniyjgexyv2f2iu

Runtime Integrity Checking for Exploit Mitigation on Lightweight Embedded Devices [chapter]

Matthias Neugschwandtner, Collin Mulliner, William Robertson, Engin Kirda
2016 Lecture Notes in Computer Science  
We implemented BINtegrity for the Linux operating system. BINtegrity is practical, and restricts the ability of attackers to exploit generic memory corruption vulnerabilities in COTS binaries.  ...  Our evaluation demonstrates that BINtegrity incurs a very low overhead, only 2%, and shows that our approach mitigates both code injection and code reuse attacks.  ...  We leverage common properties of the RISC architecture to design and build an exploit mitigation system that is practical and low-overhead and thus lends itself specifically for the use in systems with  ... 
doi:10.1007/978-3-319-45572-3_4 fatcat:2lmpzvd2efahzaoebrkl5she3e

Detecting Code Reuse Attacks with a Model of Conformant Program Execution [chapter]

Emily R. Jacobson, Andrew R. Bernat, William R. Williams, Barton P. Miller
2014 Lecture Notes in Computer Science  
In our testing, ROPStop accurately detected real exploits while imposing low overhead on a set of modern applications: 5.3% on SPEC CPU2006 and 6.3% on an Apache HTTP Server.  ...  We present a systematic approach based on first principles for the efficient, robust detection of these attacks; our work enforces expected program behavior instead of defending against anticipated attacks  ...  ; and Department of Homeland Security under AFRL Contract FA8750-12-2-0289.  ... 
doi:10.1007/978-3-319-04897-0_1 fatcat:j2orydo2qjeqhf3kmn22misxba