498 Hits in 5.3 sec

Systematic Analysis of Defenses against Return-Oriented Programming [chapter]

Richard Skowyra, Kelly Casteel, Hamed Okhravi, Nickolai Zeldovich, William Streilein
2013 Lecture Notes in Computer Science  
For example, what combination of defenses protect against every known avenue of code reuse? What is the smallest set of such defenses?  ...  Since the introduction of return-oriented programming (ROP) by Shacham in 2007 [28] , research in the code reuse space has produced a profusion of increasingly subtle attacks and defenses.  ...  Even if it could, since HTTP servers need to use the network interface, open files and run scripts, many of the dangerous syscalls will still be allowed.  ... 
doi:10.1007/978-3-642-41284-4_5 fatcat:ilek67ffd5aivbkrqxvjgsvfcm

Readactor: Practical Code Randomization Resilient to Memory Disclosure

Stephen Crane, Christopher Liebchen, Andrei Homescu, Lucas Davi, Per Larsen, Ahmad-Reza Sadeghi, Stefan Brunthaler, Michael Franz
2015 2015 IEEE Symposium on Security and Privacy  
Code-reuse attacks such as return-oriented programming (ROP) pose a severe threat to modern software. Designing practical and effective defenses against code-reuse attacks is highly challenging.  ...  In this paper, we address the deficiencies of existing solutions and present the first practical, fine-grained code randomization defense, called Readactor, resilient to both static and dynamic ROP attacks  ...  Readactor is the only defense that provides protection against all known variants of ROP attacks (traditional ROP, direct and indirect JIT-ROP), while performing efficiently and protecting JIT-compiled  ... 
doi:10.1109/sp.2015.52 dblp:conf/sp/CraneLHDLSBF15 fatcat:xtmbvvluhbeeniyjgexyv2f2iu

Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications

Felix Schuster, Thomas Tendyck, Christopher Liebchen, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz
2015 2015 IEEE Symposium on Security and Privacy  
Code reuse attacks such as return-oriented programming (ROP) have become prevalent techniques to exploit memory corruption vulnerabilities in software programs.  ...  COOP is Turing complete in realistic attack scenarios and we show its viability by developing sophisticated, real-world exploits for Internet Explorer 10 on Windows and Firefox 36 on Linux.  ...  Similarly, the HDROP [60] defense utilizes the performance monitoring counters of modern x86-64 CPUs to detect ROP-based attacks.  ... 
doi:10.1109/sp.2015.51 dblp:conf/sp/SchusterTLDSH15 fatcat:zokjzurkevaw3jnliawvwlzaki

Booby trapping software

Stephen Crane, Per Larsen, Stefan Brunthaler, Michael Franz
2013 Proceedings of the 2013 workshop on New security paradigms workshop - NSPW '13  
Cyber warfare is asymmetric in the current paradigm, with attackers having the high ground over defenders.  ...  Current passive cyber security defenses such as intrusion detection, anti-virus, and hardened software are not sufficient to repel attackers.  ...  Acknowledgments This material is based upon work partially supported by the Defense Advanced Research Projects Agency (DARPA) under contracts D11PC20024 and N660001-1-2-4014, by the National Science Foundation  ... 
doi:10.1145/2535813.2535824 dblp:conf/nspw/CraneLBF13 fatcat:svu5n5qqiza4tijecybnl5m2ni

The never ending war in the stack and the reincarnation of ROP attacks [article]

Ammari Nader, Joan Calvet, Jose M. Fernandez
2020 arXiv   pre-print
Return Oriented Programming (ROP) is a technique by which an attacker can induce arbitrary behavior inside a vulnerable program without injecting a malicious code.  ...  ROP is also considered as one of the most flexible attacks, its level of flexibility, unlike other code reuse attacks, can reach the Turing completeness.  ...  The second pattern is still unexplained but we firmly believe that it is linked to some functions called by memcpy.  ... 
arXiv:2005.11886v1 fatcat:g2vl7lqi3nasfjs3h2ujjnk4se

Selfrando: Securing the Tor Browser against De-anonymization Exploits

Mauro Conti, Stephen Crane, Tommaso Frassetto, Andrei Homescu, Georg Koppen, Per Larsen, Christopher Liebchen, Mike Perry, Ahmad-Reza Sadeghi
2016 Proceedings on Privacy Enhancing Technologies  
ASan is used in a hardened version of Tor Browser for test purposes.  ...  Tor is a well-known anonymous communication system used by millions of users, including journalists and civil rights activists all over the world.  ...  European Union's Seventh Framework Programme Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the Defense  ... 
doi:10.1515/popets-2016-0050 dblp:journals/popets/ContiCFHKLLPS16 fatcat:kbqfjy63orhwvpyd3cpg43zwge

ROPocop - Dynamic Mitigation of Code-Reuse Attacks [article]

Andreas Follner, Eric Bodden
2015 arXiv   pre-print
It mitigates attacks by both monitoring the program counter at potentially dangerous points and by detecting suspicious program flows.  ...  Therefore, despite the overhead, it is a viable, temporary solution to secure critical systems against exploits if a vendor patch is not yet available.  ...  Depending on the program it might still be possible, but, as previously mentioned, our goal is to break current exploits and make the development of new code-reuse exploits significantly more difficult  ... 
arXiv:1504.02288v1 fatcat:vjb5audh5nhuniqojknfohaxfu

ROPocop — Dynamic mitigation of code-reuse attacks

Andreas Follner, Eric Bodden
2016 Journal of Information Security and Applications  
It mitigates attacks by both monitoring the program counter at potentially dangerous points and by detecting suspicious program flows.  ...  Therefore, despite the overhead, it is a viable, temporary solution to secure critical systems against exploits if a vendor patch is not yet available.  ...  Depending on the program it might still be possible, but, as previously mentioned, our goal is to break current exploits and make the development of new code-reuse exploits significantly more difficult  ... 
doi:10.1016/j.jisa.2016.01.002 fatcat:tlwz2i7fxngwhfkjoyzdnwm53e

Binary stirring

Richard Wartell, Vishwath Mohan, Kevin W. Hamlen, Zhiqiang Lin
2012 Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12  
The output is a new binary whose basic block addresses are dynamically determined at load-time.  ...  The input to STIR is only the application binary code without any source code, debug symbols, or relocation information.  ...  ROP Defenses In addition to diversification defenses, there are other techniques that specifically target ROP attacks.  ... 
doi:10.1145/2382196.2382216 dblp:conf/ccs/WartellMHL12 fatcat:njkb45kzhffjloul34ifgmp45i


Ben Niu, Gang Tan
2014 Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS '14  
The danger to a JIT compiler is that an attacker can often control the input program and use it to trigger a vulnerability in the JIT compiler to launch code injection or JIT spraying attacks.  ...  For performance, modern implementations of managed languages adopt Just-In-Time (JIT) compilation.  ...  This research is supported by US NSF grants CCF-1217710 and CCF-1149211, China NNSF grant 61272086, and a research award from Google.  ... 
doi:10.1145/2660267.2660281 dblp:conf/ccs/NiuT14 fatcat:xgz62iicqbfzpkyv3c6ffhiz34


Youren Shen, Hongliang Tian, Yu Chen, Kang Chen, Runji Wang, Yi Xu, Yubin Xia, Shoumeng Yan
2020 Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems  
SFI is a software instrumentation technique for sandboxing untrusted modules (called domains).  ...  As virtually any non-trivial application demands multiple processes, it is essential for LibOSes to support multitasking.  ...  ROP attacks. Now that a malicious SIP cannot inject new code, it can still attempt to reuse existing code gadgets for ROP attacks.  ... 
doi:10.1145/3373376.3378469 dblp:conf/asplos/ShenTCCWXXY20 fatcat:44rhgr4bjnex7k76coznen4244

Missing the Point(er): On the Effectiveness of Code Pointer Integrity

Isaac Evans, Sam Fingeret, Julian Gonzalez, Ulziibayar Otgonbaatar, Tiffany Tang, Howard Shrobe, Stelios Sidiroglou-Douskos, Martin Rinard, Hamed Okhravi
2015 2015 IEEE Symposium on Security and Privacy  
Memory corruption attacks continue to be a major vector of attack for compromising modern systems.  ...  On x86-32, this isolation is enforced by hardware; on x86-64 and ARM, isolation is enforced by information hiding.  ...  In fact, the only assumption necessary for an attacker to break CPI is control of the stack, which is consistent with other code reuse attacks and defenses in the literature [49, 23, 57] .  ... 
doi:10.1109/sp.2015.53 dblp:conf/sp/EvansFGOTSSRO15 fatcat:shhcd5e5dbfubnnfsvt6p5wp64

Memory Errors: The Past, the Present, and the Future [chapter]

Victor van der Veen, Nitish dutt-Sharma, Lorenzo Cavallaro, Herbert Bos
2012 Lecture Notes in Computer Science  
Memory error exploitations have been around for over 25 years and still rank among the top 3 most dangerous software errors. Why haven't we been able to stop them?  ...  In this paper, we present a quarter century worth of memory errors: attacks, defenses, and statistics.  ...  This high success rate is caused by the fact that modern OSes do not adopt or lack PIE.  ... 
doi:10.1007/978-3-642-33338-5_5 fatcat:ixcwu2djbrctbcjs5sd6l7uupe

SoK: Eternal War in Memory

L. Szekeres, M. Payer, Tao Wei, Dawn Song
2013 2013 IEEE Symposium on Security and Privacy  
Especially important is performance, as experience shows that only solutions whose overhead is in reasonable bounds get deployed.  ...  The memory war effectively is an arms race between offense and defense.  ...  Allocation information tells if the pointed to object is still valid.  ... 
doi:10.1109/sp.2013.13 dblp:conf/sp/SzekeresPWS13 fatcat:slxnjwdqhrcx3crwc7dtjyxpqq

From Zygote to Morula: Fortifying Weakened ASLR on Android

Byoungyoung Lee, Long Lu, Tielei Wang, Taesoo Kim, Wenke Lee
2014 2014 IEEE Symposium on Security and Privacy  
This material is based upon work supported in part by the National Science  ...  As modern commodity OSes provide ASLR/DEP defense mechanisms by default [24, 43] , attack techniques also try to evolve to bypass ASLR/DEP.  ...  For example, Flash, Java, and the .NET runtime in IE8/9/10 [42, 44] are well-known targets for ROP-gadgets to break ASLR/DEP in Windows.  ... 
doi:10.1109/sp.2014.34 dblp:conf/sp/LeeLWKL14 fatcat:marfpzjz6zdpzjlcpsfmuedjqi
« Previous Showing results 1 — 15 out of 498 results