Proceedings ArticleDOI
ROPdefender: a detection tool to defend against return-oriented programming attacks
Lucas Davi,Ahmad-Reza Sadeghi,Marcel Winandy +2 more
- pp 40-51
TLDR
This paper presents a tool, ROPdefender, that dynamically detects conventional ROP attacks (that are based on return instructions) and can be immediately deployed by end-users, since it does not rely on side information which is rarely provided in practice.Abstract:
Modern runtime attacks increasingly make use of the powerful return-oriented programming (ROP) attack techniques and principles such as recent attacks on Apple iPhone and Acrobat products to name some. These attacks even work under the presence of modern memory protection mechanisms such as data execution prevention (DEP). In this paper, we present our tool, ROPdefender, that dynamically detects conventional ROP attacks (that are based on return instructions). In contrast to existing solutions, ROPdefender can be immediately deployed by end-users, since it does not rely on side information (e.g., source code or debugging information) which are rarely provided in practice. Currently, our tool adds a runtime overhead of 2x which is comparable to similar instrumentation-based tools.read more
Citations
More filters
Proceedings ArticleDOI
SoK: Eternal War in Memory
TL;DR: The current knowledge about various protection techniques are systematized by setting up a general model for memory corruption attacks, and what policies can stop which attacks are shown, to analyze the reasons why protection mechanisms implementing stricter polices are not deployed.
Proceedings ArticleDOI
Return-oriented programming without returns
Stephen Checkoway,Lucas Davi,Alexandra Dmitrienko,Ahmad-Reza Sadeghi,Hovav Shacham,Marcel Winandy +5 more
TL;DR: It is shown that on both the x86 and ARM architectures it is possible to mount return-oriented programming attacks without using return instructions, and these attacks instead make use of certain instruction sequences that behave like a return.
Proceedings ArticleDOI
Jump-oriented programming: a new class of code-reuse attack
TL;DR: This paper introduces a new class of code-reuse attack, called jump-oriented programming, which eliminates the reliance on the stack and ret instructions (including ret-like instructions such as pop+jmp) seen in return- oriented programming without sacrificing expressive power.
Proceedings ArticleDOI
Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization
Kevin Z. Snow,Fabian Monrose,Lucas Davi,Alexandra Dmitrienko,Christopher Liebchen,Ahmad-Reza Sadeghi +5 more
TL;DR: This paper introduces the design and implementation of a framework based on a novel attack strategy that undermines the benefits of fine-grained ASLR by exploiting the ability to repeatedly abuse a memory disclosure to map an application's memory layout on the fly.
Proceedings ArticleDOI
Practical Control Flow Integrity and Randomization for Binary Executables
Chao Zhang,Tao Wei,Zhaofeng Chen,Lei Duan,Laszlo Szekeres,Stephen McCamant,Dawn Song,Wei Zou +7 more
TL;DR: A new practical and realistic protection method called CCFIR (Compact Control Flow Integrity and Randomization), which addresses the main barriers to CFI adoption and can stop control-flow hijacking attacks including ROP and return-into-libc.
References
More filters
Journal ArticleDOI
Pin: building customized program analysis tools with dynamic instrumentation
Chi-Keung Luk,Robert Cohn,Robert Muth,Harish Patil,Artur Klauser,Geoff Lowney,Steven Wallace,Vijay Janapa Reddi,Kim Hazelwood +8 more
TL;DR: The goals are to provide easy-to-use, portable, transparent, and efficient instrumentation, and to illustrate Pin's versatility, two Pintools in daily use to analyze production software are described.
Proceedings ArticleDOI
Valgrind: a framework for heavyweight dynamic binary instrumentation
TL;DR: Valgrind is described, a DBI framework designed for building heavyweight DBA tools that can be used to build more interesting, heavyweight tools that are difficult or impossible to build with other DBI frameworks such as Pin and DynamoRIO.
Proceedings Article
Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software
James Newsome,Dawn Song +1 more
TL;DR: TaintCheck as mentioned in this paper performs dynamic taint analysis by performing binary rewriting at run time, which can reliably detect most types of exploits and produces no false positives for any of the many different programs that were tested.
Proceedings Article
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
Crispin Cowan,Calton Pu,Dave Maier,Heather Hintony,Jonathan Walpole,Peat Bakke,Steve Beattie,Aaron Grier,Perry Wagle,Qian Zhang +9 more
TL;DR: StackGuard is described: a simple compiler technique that virtually eliminates buffer overflow vulnerabilities with only modest performance penalties, and a set of variations on the technique that trade-off between penetration resistance and performance.
Proceedings ArticleDOI
The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)
TL;DR: A return-into-libc attack to be mounted on x86 executables that calls no functions at all is presented, and how to discover such instruction sequences by means of static analysis is shown.