Dwarf Frankenstein is still in your memory: tiny code reuse attacks
Authors
Abstract
Code reuse attacks such as return oriented programming and jump oriented programming have become the most popular exploitation methods among attackers. A large number of practical and non-practical defenses have been proposed that differ in their overhead, their source code requirement, their detection rate and their implementation dependencies. However, a usual aspect among them is to consider the common behavior of code reuse attacks, which is the construction of a gadget chain. Therefore, what constitutes a gadget and the minimum size of an attack chain are a matter of controversy: conservative thresholds cause false positive alarms, and relaxed thresholds cause false negative alarms. The main contribution of this paper is to present a tricky aspect of code reuse techniques, called tiny code reuse attacks (tiny-CRA), that demonstrates the ineffectiveness of threshold-based detection methods. We show that, under bare minimum assumptions, tiny-CRA can reduce the size of a gadget chain so that no distinction can be detected between the normal behavior of a program and a code-reuse execution. To do so, we exhibit our tiny-CRA primitives and introduce a useful gadget set available in libc. We demonstrate the effectiveness of our approach by implementing nine different shell-codes and exploiting a real-world buffer overflow vulnerability in HT Editor 2.0.20.
Similar resources
Dwarf Frankenstein is still in your memory: tiny code reuse attacks
Code reuse attacks such as return oriented programming and jump oriented programming are the most popular exploitation methods among attackers. A large number of practical and non-practical defenses are proposed that differ in their overhead, the source code requirement, detection rate and implementation dependencies. However, a usual aspect among these methods is consideration of the common be...
ROPDetect: Detection of Code Reuse Attacks
Software exploitation, as used by malware and other kinds of attacks, requires the attacker to take control of code execution. Historically, this involves injecting code into memory and using a software vulnerability to execute it. This works because both ARM and x86 use a modified Harvard architecture which allows code and data memory to be shared. ARMv6 introduced the “execute never”[1] featu...
ROPocop - Dynamic Mitigation of Code-Reuse Attacks
Control-flow attacks, usually achieved by exploiting a buffer-overflow vulnerability, have been a serious threat to system security for over fifteen years. Researchers have answered the threat with various mitigation techniques, but nevertheless, new exploits that successfully bypass these technologies still appear on a regular basis. In this paper, we propose ROPocop, a novel approach for dete...
Chronomorphic Programs: Using Runtime Diversity to Prevent Code Reuse Attacks
Return Oriented Programming (ROP) attacks, in which a cyber attacker crafts an exploit from instruction sequences already contained in a running binary, have become popular and practical. While previous research has investigated software diversity and dynamic binary instrumentation for defending against ROP, many of these approaches incur large performance costs or are susceptible to Blind ROP ...
XIFER: A Software Diversity Tool Against Code-Reuse Attacks
The enormous growth of mobile devices and their app markets has raised many security and privacy concerns. Runtime attacks seem to be a major threat, in particular, code-reuse attacks that do not require any external code injection (e.g., return-to-libc or return-oriented programming). We present, for the first time, a code transformation tool that completely mitigates code-reuse attacks by appl...
Size Does Matter: Why Using Gadget-Chain Length to Prevent Code-Reuse Attacks is Hard
Code-reuse attacks based on return oriented programming are among the most popular exploitation techniques used by attackers today. Few practical defenses are able to stop such attacks on arbitrary binaries without access to source code. A notable exception is the techniques that employ new hardware, such as Intel’s Last Branch Record (LBR) registers, to track all indirect branches and raise a...
Journal title:
ISeCure, the ISC International Journal of Information Security, Volume 9, Issue 1, Pages 53-72