Building Secure Defenses Against Code-Reuse Attacks by Lucas Davi, Ahmad-Reza Sadeghi


This book provides an in-depth look at return-oriented programming attacks. It explores several conventional return-oriented programming attacks and analyzes the effectiveness of defense techniques including address space layout randomization (ASLR) and the control-flow restrictions implemented in security watchdogs such as Microsoft EMET.

Chapters also explain the principle of control-flow integrity (CFI), highlight the benefits of CFI and discuss its current weaknesses. Several improved and sophisticated return-oriented programming attack techniques, such as just-in-time return-oriented programming, are presented.

Building Secure Defenses Against Code-Reuse Attacks is an excellent reference tool for researchers, programmers and professionals working in the security field. It provides advanced-level students studying computer science with a comprehensive overview and clear understanding of important runtime attacks.

Additional resources for Building Secure Defenses Against Code-Reuse Attacks

Sample text

We believe that this is due to the fact that many PC platforms still did not strictly enforce DEP, thereby allowing attackers to launch conventional code injection attacks. However, in 2010, the first return-oriented exploit targeting Adobe PDF has been discovered [21]. From there on, a number of return-oriented exploits have appeared [9, 16, 28, 38]. More distantly related to return-oriented programming is the concept of JIT-spraying attacks [1]. These attacks allow an adversary to return to code she injected via a script.

In: Proceedings of the 4th USENIX Conference on Offensive Technologies, WOOT'10 (2010). id=1925004. 1925011
2. : Jump-oriented programming: a new class of code-reuse attack. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS'11 (2011). 1145/1966913. 1966919
3. : Solaris non-executable stack overview. com/gbrunett/entry/solaris_non_executable_stack_overview (2007)
4. : When good instructions go bad: generalizing return-oriented programming to RISC.

If any of these return addresses points to a non-call-preceded instruction, the program is terminated. ROPGuard's only heuristic under category ➁ is for validating that the stack pointer does not point to a memory location beyond the stack boundaries. While doing so prevents return-oriented payload execution on the heap, it does not prevent traditional stack-based return-oriented attacks.

3 ROPecker

ROPecker is a Linux-based approach suggested by Cheng et al. [16] that also leverages the LBR register set to detect past execution of gadgets.
