Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks
نویسندگان
چکیده
Spraying is a common payload delivery technique used by attackers to execute arbitrary code in presence of Address Space Layout Randomisation (ASLR). In this paper we present Graffiti, an efficient hypervisorbased memory analysis framework for the detection and prevention of spraying attacks. Compared with previous solutions, our system is the first to offer an efficient, complete, extensible, and OS independent protection against all spraying techniques known to date. We developed a prototype open source framework based on our approach, and we thoroughly evaluated it against all known variations of spraying attacks on two operating systems: Linux and Microsoft Windows. Our tool can be applied out of the box to protect any application, and its overhead can be tuned according to the application behavior and to the desired level of protection.
منابع مشابه
Detection of Heap-Spraying Attacks Using String Trace Graph
Heap-spraying is an attack technique that exploits memory corruptions in web browsers. A realtime detection of heap-spraying is difficult because of dynamic nature of JavaScript and monitoring overheads. In this paper, we propose a runtime detector of heap-spraying attacks in web browsers. We build a string trace graph by tracing all string objects and string operations in JavaScript. The graph...
متن کاملScalable Web Object Inspection and Malfease Collection
Internet drive-by downloads attacks are the preferred vehicle to infect desktop computers. In this paper, we propose a new URL analysis framework that combines lightweight virtualization and novel modifications to the WINE engine to detect heap spray attacks against applications. In addition, we are able to extract the attack shellcode used to further download other malicious binaries to the vi...
متن کاملSprobes: Enforcing Kernel Code Integrity on the TrustZone Architecture
Many smartphones now deploy conventional operating systems, so the rootkit attacks so prevalent on desktop and server systems are now a threat to smartphones. While researchers have advocated using virtualization to detect and prevent attacks on operating systems (e.g., VM introspection and trusted virtual domains), virtualization is not practical on smartphone systems due to the lack of virtua...
متن کاملNOZZLE: A Defense Against Heap-spraying Code Injection Attacks
Heap spraying is a security attack that increases the exploitability of memory corruption errors in type-unsafe applications. In a heap-spraying attack, an attacker coerces an application to allocate many objects containing malicious code in the heap, increasing the success rate of an exploit that jumps to a location within the heap. Because heap layout randomization necessitates new forms of a...
متن کاملAtomizer: Fast, Scalable and Lightweight Heap Analyzer for Virtual Machines in a Cloud Environment
In recent years process heap-based attacks have increased significantly. These attacks exploit the system under attack via the heap, typically by using a heap spraying attack. A large number of malicious files and URLs offering dangerous contents are potentially encountered every day, both by client-side and server-side applications. Static and dynamic methods have been proposed to detect heap-...
متن کامل