Efficiently Securing Systems from Code Reuse Attacks

ROPDetect : Detection of Code Reuse Attacks

Software exploitation, as used by malware and other kinds of attacks, require the attacker to take control of code execution. Historically, this involves injecting code into memory and using a software vulnerability to execute it. This works because both ARM and x86 uses a modified Harvard architecture which allows code and data memory to be shared. ARMv6 introduced the “execute never”[1] featu...

ROPocop - Dynamic Mitigation of Code-Reuse Attacks

Control-flow attacks, usually achieved by exploiting a buffer-overflow vulnerability, have been a serious threat to system security for over fifteen years. Researchers have answered the threat with various mitigation techniques, but nevertheless, new exploits that successfully bypass these technologies still appear on a regular basis. In this paper, we propose ROPocop, a novel approach for dete...

Dwarf Frankenstein is still in your memory: tiny code reuse attacks

Code reuse attacks such as return oriented programming and jump oriented programming are the most popular exploitation methods among attackers. A large number of practical and non-practical defenses are proposed that differ in their overhead, the source code requirement, detection rate and implementation dependencies. However, a usual aspect among these methods is consideration of the common be...

Securing Cloud Computing from Different Attacks Using Intrusion Detection Systems

Inheritance: from code reuse to reasoning reuse

In the Object-Oriented approach a designer can, given an existing base class, use inheritance to build a derived class that extends, or that slightly differs from the base class. But in order to exploit the full potential of inheritance to build systems incrementally, the designer must also be able to reason about the derived class incrementally. This paper presents a specification notation and...