other code reuse attacks are a class of buffer overflow attacks that shows the existence of executable code that can be used for malicious purposes. They attack the systems security by chaining the sequence of instructions together to perform the expected logic of attack. These attacks have a common feature; they rely on executable code’s memory layout. The layout of the executable code can be ...

Memory corruption vulnerabilities not only allow modification of control data and injection of malicious payloads; they also allow adversaries to reconnoiter a diversified program, customize a payload, and ultimately bypass code randomization defenses. In response, researchers have proposed and built various leakage-resilient defenses against code reuse. Leakage-resilient defenses use memory pr...

Software exploitation, as used by malware and other kinds of attacks, require the attacker to take control of code execution. Historically, this involves injecting code into memory and using a software vulnerability to execute it. This works because both ARM and x86 uses a modified Harvard architecture which allows code and data memory to be shared. ARMv6 introduced the “execute never”[1] featu...

Control-flow attacks, usually achieved by exploiting a buffer-overflow vulnerability, have been a serious threat to system security for over fifteen years. Researchers have answered the threat with various mitigation techniques, but nevertheless, new exploits that successfully bypass these technologies still appear on a regular basis. In this paper, we propose ROPocop, a novel approach for dete...

Code reuse attacks circumvent traditional program protection mechanisms such as W ⊕ X by constructing exploits from code already present within a process. Existing techniques to defend against these attacks provide ad hoc solutions or lack in features necessary to provide comprehensive and adoptable solutions. We present a systematic approach based on first principles for the efficient, robust ...

Security of embedded devices today is a critical requirement for the Internet of Things (IoT) as these devices will access sensitive in­ formation such as social security numbers and health records. This makes these devices a lucrative target for attacks exploiting vulnerabilities to inject malicious code or reuse existing code to alter the execution of their software. Existing defense techniqu...

Instruction set randomization (ISR) was initially proposed with the main goal of countering code-injection attacks. However, ISR seems to have lost its appeal since code-injection attacks became less attractive because protection mechanisms such as data execution prevention (DEP) as well as code-reuse attacks became more prevalent. In this paper, we show that ISR can be extended to also protect...

The latest effective defense against code reuse attacks is fine-grained, per-process memory randomization. However, such process randomization prevents code sharing since there is no longer any identical code to share between processes. Without shared libraries, however, tremendous memory savings are forfeit. This drawback may hinder the adoption of fine-grained memory randomization. We present...

The software monoculture favors attackers over defenders, since it makes all target environments appear similar. Code-reuse attacks, for example, rely on target hosts running identical software. Attackers use this assumption to their advantage by automating parts of creating an attack. This article presents large-scale automated software diversification as a means to shore up this vulnerability...