Lucas Davi
Researcher at University of Duisburg-Essen
Publications - 99
Citations - 6994
Lucas Davi is an academic researcher from the University of Duisburg-Essen. The author has contributed to research in topics: Code reuse & Memory corruption. The author has an h-index of 34 and has co-authored 90 publications receiving 6025 citations. Previous affiliations of Lucas Davi include Ruhr University Bochum & Technische Universität Darmstadt.
Papers
Proceedings Article
Return-oriented programming without returns
Stephen Checkoway, Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Hovav Shacham, Marcel Winandy
TL;DR: It is shown that on both the x86 and ARM architectures it is possible to mount return-oriented programming attacks without using return instructions, and these attacks instead make use of certain instruction sequences that behave like a return.
Proceedings Article
Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization
Kevin Z. Snow, Fabian Monrose, Lucas Davi, Alexandra Dmitrienko, Christopher Liebchen, Ahmad-Reza Sadeghi
TL;DR: This paper introduces the design and implementation of a framework based on a novel attack strategy that undermines the benefits of fine-grained ASLR by exploiting the ability to repeatedly abuse a memory disclosure to map an application's memory layout on the fly.
Book Chapter
Privilege escalation attacks on Android
TL;DR: It is shown that a genuine application exploited at runtime or a malicious application can escalate granted permissions, implying that Android's security model cannot deal with a transitive permission usage attack and Android's sandbox model fails as a last resort against malware and sophisticated runtime attacks.
Proceedings Article
Towards Taming Privilege-Escalation Attacks on Android
Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Thomas Fischer, Ahmad-Reza Sadeghi, Bhargava Shastry
TL;DR: A heuristic analysis of Android's system behavior is conducted to identify attack patterns, classify different adversary models, and point out the challenges to be tackled, and a system-centric and policy-driven runtime monitoring of communication channels between applications at multiple layers is proposed.
Proceedings Article
Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications
Felix Schuster, Thomas Tendyck, Christopher Liebchen, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz
TL;DR: It is demonstrated that many of these defenses that do not consider object-oriented C++ semantics precisely can be generically bypassed in practice, and that even recently proposed defenses that specifically target C++ are vulnerable to COOP.