Q: Exploit Hardening Made Easy
Abstract
Prior work has shown that return oriented programming (ROP) can be used to bypass W⊕X, a software defense that stops shellcode, by reusing instructions from large libraries such as libc. Modern operating systems have since enabled address randomization (ASLR), which randomizes the location of libc, making these techniques unusable in practice. However, modern ASLR implementations leave smaller amounts of executable code unrandomized, and it has been unclear whether an attacker can use these small code fragments to construct payloads in the general case. In this paper, we show that defenses as currently deployed can be bypassed with new techniques for automatically creating ROP payloads from small amounts of unrandomized code. We propose using semantic program verification techniques for identifying the functionality of gadgets, and design a ROP compiler that is resistant to missing gadget types. To demonstrate our techniques, we build Q, an end-to-end system that automatically generates ROP payloads for a given binary. Q can produce payloads for 80% of Linux /usr/bin programs larger than 20KB. We also show that Q can automatically perform exploit hardening: given an exploit that crashes with defenses on, Q outputs an exploit that bypasses both W⊕X and ASLR. We show that Q can harden nine real-world Linux and Windows exploits, enabling an attacker to automatically bypass defenses as deployed by industry for those programs.
Similar sources
Update on Q: Exploit Hardening Made Easy
After Q: Exploit Hardening Made Easy [2] appeared in Usenix Security 2011, we noticed a discrepancy in our results. Our experiments showed that we could create a ROP payload to call statically linked functions in 80% of programs larger than 20KB, and additionally dynamically linked functions in 80% of programs larger than 100KB. The only difference between the two experiments is that the latter...
Efficient Minimum-Cost Network Hardening Via Exploit Dependency Graphs
In-depth analysis of network security vulnerability must consider attacker exploits not just in isolation, but also in combination. The general approach to this problem is to compute attack paths (combinations of exploits), from which one can decide whether a given set of network hardening measures guarantees the safety of given critical resources. We go beyond attack paths to compute actual se...
The self-similarity theory of high pressure torsion
By analyzing the problem of high pressure torsion (HPT) in the rigid plastic formulation, we show that the power hardening law of plastically deformed materials leads to self-similarity of HPT, admitting a simple mathematical description of the process. The analysis shows that the main parameters of HPT are proportional to β^q, with β being the angle of the anvil rotation. The meaning of the p...
Evaluating Wear Properties of AISI 420 Martensitic Stainless Steel after Laser Transformation Hardening
As the turbine industries need to manufacture turbine blades made of martensitic stainless steel AISI 420 with high toughness and wear resistance, local laser hardening has become more and more important. In this research, the surface of the samples was initially hardened by a high-power pulsed laser beam; then, optimum parameters of hardening were calculated and the wear resistance of the surface-hardened s...
Publication date: 2011