Systematic Analysis of Defenses against Return-Oriented Programming
[chapter]
2013
Lecture Notes in Computer Science
For example, what combination of defenses protect against every known avenue of code reuse? What is the smallest set of such defenses? ...
Since the introduction of return-oriented programming (ROP) by Shacham in 2007 [28], research in the code reuse space has produced a profusion of increasingly subtle attacks and defenses. ...
Even if it could, since HTTP servers need to use the network interface, open files and run scripts, many of the dangerous syscalls will still be allowed. ...
doi:10.1007/978-3-642-41284-4_5
fatcat:ilek67ffd5aivbkrqxvjgsvfcm
Readactor: Practical Code Randomization Resilient to Memory Disclosure
2015
2015 IEEE Symposium on Security and Privacy
Code-reuse attacks such as return-oriented programming (ROP) pose a severe threat to modern software. Designing practical and effective defenses against code-reuse attacks is highly challenging. ...
In this paper, we address the deficiencies of existing solutions and present the first practical, fine-grained code randomization defense, called Readactor, resilient to both static and dynamic ROP attacks ...
Readactor is the only defense that provides protection against all known variants of ROP attacks (traditional ROP, direct and indirect JIT-ROP), while performing efficiently and protecting JIT-compiled ...
doi:10.1109/sp.2015.52
dblp:conf/sp/CraneLHDLSBF15
fatcat:xtmbvvluhbeeniyjgexyv2f2iu
Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications
2015
2015 IEEE Symposium on Security and Privacy
Code reuse attacks such as return-oriented programming (ROP) have become prevalent techniques to exploit memory corruption vulnerabilities in software programs. ...
COOP is Turing complete in realistic attack scenarios and we show its viability by developing sophisticated, real-world exploits for Internet Explorer 10 on Windows and Firefox 36 on Linux. ...
Similarly, the HDROP [60] defense utilizes the performance monitoring counters of modern x86-64 CPUs to detect ROP-based attacks. ...
doi:10.1109/sp.2015.51
dblp:conf/sp/SchusterTLDSH15
fatcat:zokjzurkevaw3jnliawvwlzaki
Booby trapping software
2013
Proceedings of the 2013 workshop on New security paradigms workshop - NSPW '13
Cyber warfare is asymmetric in the current paradigm, with attackers having the high ground over defenders. ...
Current passive cyber security defenses such as intrusion detection, anti-virus, and hardened software are not sufficient to repel attackers. ...
Acknowledgments This material is based upon work partially supported by the Defense Advanced Research Projects Agency (DARPA) under contracts D11PC20024 and N660001-1-2-4014, by the National Science Foundation ...
doi:10.1145/2535813.2535824
dblp:conf/nspw/CraneLBF13
fatcat:svu5n5qqiza4tijecybnl5m2ni
The never ending war in the stack and the reincarnation of ROP attacks
[article]
2020
arXiv
pre-print
Return Oriented Programming (ROP) is a technique by which an attacker can induce arbitrary behavior inside a vulnerable program without injecting a malicious code. ...
ROP is also considered as one of the most flexible attacks, its level of flexibility, unlike other code reuse attacks, can reach the Turing completeness. ...
The second pattern is still unexplained but we firmly believe that it is linked to some functions called by memcpy. ...
arXiv:2005.11886v1
fatcat:g2vl7lqi3nasfjs3h2ujjnk4se
Selfrando: Securing the Tor Browser against De-anonymization Exploits
2016
Proceedings on Privacy Enhancing Technologies
ASan is used in a hardened version of Tor Browser for test purposes. ...
Tor is a well-known anonymous communication system used by millions of users, including journalists and civil rights activists all over the world. ...
European Union's Seventh Framework Programme Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the Defense ...
doi:10.1515/popets-2016-0050
dblp:journals/popets/ContiCFHKLLPS16
fatcat:kbqfjy63orhwvpyd3cpg43zwge
ROPocop - Dynamic Mitigation of Code-Reuse Attacks
[article]
2015
arXiv
pre-print
It mitigates attacks by both monitoring the program counter at potentially dangerous points and by detecting suspicious program flows. ...
Therefore, despite the overhead, it is a viable, temporary solution to secure critical systems against exploits if a vendor patch is not yet available. ...
Depending on the program it might still be possible, but, as previously mentioned, our goal is to break current exploits and make the development of new code-reuse exploits significantly more difficult ...
arXiv:1504.02288v1
fatcat:vjb5audh5nhuniqojknfohaxfu
ROPocop — Dynamic mitigation of code-reuse attacks
2016
Journal of Information Security and Applications
It mitigates attacks by both monitoring the program counter at potentially dangerous points and by detecting suspicious program flows. ...
Therefore, despite the overhead, it is a viable, temporary solution to secure critical systems against exploits if a vendor patch is not yet available. ...
Depending on the program it might still be possible, but, as previously mentioned, our goal is to break current exploits and make the development of new code-reuse exploits significantly more difficult ...
doi:10.1016/j.jisa.2016.01.002
fatcat:tlwz2i7fxngwhfkjoyzdnwm53e
Binary stirring
2012
Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12
The output is a new binary whose basic block addresses are dynamically determined at load-time. ...
The input to STIR is only the application binary code without any source code, debug symbols, or relocation information. ...
ROP Defenses In addition to diversification defenses, there are other techniques that specifically target ROP attacks. ...
doi:10.1145/2382196.2382216
dblp:conf/ccs/WartellMHL12
fatcat:njkb45kzhffjloul34ifgmp45i
RockJIT
2014
Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS '14
The danger to a JIT compiler is that an attacker can often control the input program and use it to trigger a vulnerability in the JIT compiler to launch code injection or JIT spraying attacks. ...
For performance, modern implementations of managed languages adopt Just-In-Time (JIT) compilation. ...
This research is supported by US NSF grants CCF-1217710 and CCF-1149211, China NNSF grant 61272086, and a research award from Google. ...
doi:10.1145/2660267.2660281
dblp:conf/ccs/NiuT14
fatcat:xgz62iicqbfzpkyv3c6ffhiz34
SFI is a software instrumentation technique for sandboxing untrusted modules (called domains). ...
As virtually any non-trivial application demands multiple processes, it is essential for LibOSes to support multitasking. ...
ROP attacks. Now that a malicious SIP cannot inject new code, it can still attempt to reuse existing code gadgets for ROP attacks. ...
doi:10.1145/3373376.3378469
dblp:conf/asplos/ShenTCCWXXY20
fatcat:44rhgr4bjnex7k76coznen4244
Missing the Point(er): On the Effectiveness of Code Pointer Integrity
2015
2015 IEEE Symposium on Security and Privacy
Memory corruption attacks continue to be a major vector of attack for compromising modern systems. ...
On x86-32, this isolation is enforced by hardware; on x86-64 and ARM, isolation is enforced by information hiding. ...
In fact, the only assumption necessary for an attacker to break CPI is control of the stack, which is consistent with other code reuse attacks and defenses in the literature [49, 23, 57]. ...
doi:10.1109/sp.2015.53
dblp:conf/sp/EvansFGOTSSRO15
fatcat:shhcd5e5dbfubnnfsvt6p5wp64
Memory Errors: The Past, the Present, and the Future
[chapter]
2012
Lecture Notes in Computer Science
Memory error exploitations have been around for over 25 years and still rank among the top 3 most dangerous software errors. Why haven't we been able to stop them? ...
In this paper, we present a quarter century worth of memory errors: attacks, defenses, and statistics. ...
This high success rate is caused by the fact that modern OSes do not adopt or lack PIE. ...
doi:10.1007/978-3-642-33338-5_5
fatcat:ixcwu2djbrctbcjs5sd6l7uupe
SoK: Eternal War in Memory
2013
2013 IEEE Symposium on Security and Privacy
Especially important is performance, as experience shows that only solutions whose overhead is in reasonable bounds get deployed. ...
The memory war effectively is an arms race between offense and defense. ...
Allocation information tells if the pointed to object is still valid. ...
doi:10.1109/sp.2013.13
dblp:conf/sp/SzekeresPWS13
fatcat:slxnjwdqhrcx3crwc7dtjyxpqq
From Zygote to Morula: Fortifying Weakened ASLR on Android
2014
2014 IEEE Symposium on Security and Privacy
This material is based upon work supported in part by the National Science ...
As modern commodity OSes provide ASLR/DEP defense mechanisms by default [24, 43], attack techniques also try to evolve to bypass ASLR/DEP. ...
For example, Flash, Java, and the .NET runtime in IE8/9/10 [42, 44] are well-known targets for ROP-gadgets to break ASLR/DEP in Windows. ...
doi:10.1109/sp.2014.34
dblp:conf/sp/LeeLWKL14
fatcat:marfpzjz6zdpzjlcpsfmuedjqi