13 results on '"ASLR"'
Search Results
2. A review paper on hacking blind
- Author
-
Chawla, Chanchal
- Published
- 2021
- Full Text
- View/download PDF
3. A Survey of Code Reuse Attack and Defense
- Author
-
Luo, Bingbing, Yang, Yimin, Zhang, Changhe, Wang, Yi, Zhang, Baoying, Kacprzyk, Janusz, Series Editor, Pal, Nikhil R., Advisory Editor, Bello Perez, Rafael, Advisory Editor, Corchado, Emilio S., Advisory Editor, Hagras, Hani, Advisory Editor, Kóczy, László T., Advisory Editor, Kreinovich, Vladik, Advisory Editor, Lin, Chin-Teng, Advisory Editor, Lu, Jie, Advisory Editor, Melin, Patricia, Advisory Editor, Nedjah, Nadia, Advisory Editor, Nguyen, Ngoc Thanh, Advisory Editor, Wang, Jun, Advisory Editor, Xhafa, Fatos, editor, Patnaik, Srikanta, editor, and Tavana, Madjid, editor
- Published
- 2019
- Full Text
- View/download PDF
4. Identifying memory address disclosures
- Author
-
North, John
- Subjects
600, disclosures, memory address, ASLR, vulnerability, stack cookies, ROP
- Abstract
Software is still being produced and used that is vulnerable to exploitation. As well as being in devices in the homes of many people around the world, programs with these vulnerabilities are maintaining life-critical systems such as power-stations, aircraft and medical devices and are managing the creation and distribution of billions of pounds every year. These systems are actively being exploited by governments, criminals and opportunists and have led to loss of life and a loss of wealth. This dependence on software that is vulnerable to exploitation has led to a society with tangible concerns over cyber-crime, cyber-terrorism and cyber-warfare. As well as attempts to eliminate these vulnerabilities, techniques have been developed to mitigate their effects; these prophylactic techniques do not eliminate the vulnerabilities but make them harder to exploit. As software exploitation is an ever evolving battle between the attackers and the defenders, identifying methods to bypass these mitigations has become a new battlefield in this struggle and the techniques that are used to do this require vulnerabilities of their own. As many of the mitigation techniques are dependent upon secrecy of one form or another, vulnerabilities which allow an attacker to view those secrets are now of importance to attackers and defenders. Leaking of the contents of computer memory has always been considered a vulnerability, but until recently it has not typically been considered a serious one. As this can be used to bypass key mitigation techniques, these vulnerabilities are now considered critical to preventing whole classes of software exploitation. This thesis is about detecting these types of leaks and the information they disclose. It discusses the importance of these disclosures, both currently and in the future. It then introduces the first published technique to be able to reliably identify specific classes of these leaks, particularly address disclosures and canary-disclosures. The technique is tested against a series of applications, across multiple operating systems, using both artificial examples and software that is critical, commonplace and complex.
- Published
- 2015
5. Fine-grained address space layout randomization on program load
- Author
-
A. R. Nurmukhametov, E. A. Zhabotinskiy, Sh. F. Kurmangaleev, S. S. Gaissaryan, and A. V. Vishnyakov
- Subjects
address space randomization, diversification, aslr, rop, Electronic computers. Computer science, QA75.5-76.95
- Abstract
Program vulnerabilities are a serious security threat. It is important to develop defenses preventing their exploitation, especially with a rapid increase of ROP attacks. State of the art defenses have some drawbacks that can be used by attackers. In this paper we propose fine-grained address space layout randomization on program load that is able to protect from such kinds of attacks. During the static linking stage, executable and library files are supplemented with information about function boundaries and relocations. A system dynamic linker/loader uses this information to perform function permutation. The proposed method was implemented for 64-bit programs on the CentOS 7 operating system. The implemented method has shown good resistance to ROP attacks based on two metrics: the number of survived gadgets and the exploitability estimation of ROP chain examples. The implementation presented in this article is applicable across the entire operating system and has shown 1.5% time overhead. The working capacity of the proposed approach was demonstrated on real programs. Further research can cover forking randomization and finer granularity than the function level. It also makes sense to implement the randomization of short function placement, taking into account the relationships between them. The close arrangement of functions that often call each other can improve the performance of individual programs.
- Published
- 2018
- Full Text
- View/download PDF
6. ASLR and ROP Attack Mitigations for ARM-Based Android Devices
- Author
-
Parikh, Vivek, Mateti, Prabhaker, Barbosa, Simone Diniz Junqueira, Series editor, Chen, Phoebe, Series editor, Filipe, Joaquim, Series editor, Kotenko, Igor, Series editor, Sivalingam, Krishna M., Series editor, Washio, Takashi, Series editor, Yuan, Junsong, Series editor, Zhou, Lizhu, Series editor, Thampi, Sabu M., editor, Martínez Pérez, Gregorio, editor, Westphall, Carlos Becker, editor, Hu, Jiankun, editor, Fan, Chun I., editor, and Gómez Mármol, Félix, editor
- Published
- 2017
- Full Text
- View/download PDF
7. Blender: Self-randomizing Address Space Layout for Android Apps
- Author
-
Sun, Mingshen, Lui, John C. S., Zhou, Yajin, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Monrose, Fabian, editor, Dacier, Marc, editor, Blanc, Gregory, editor, and Garcia-Alfaro, Joaquin, editor
- Published
- 2016
- Full Text
- View/download PDF
8. Mitigating Return Oriented Programming.
- Author
-
Speakman, Lee, Eze, Thaddeus, Baker, David, and Wairimu, Samuel
- Abstract
Code-reuse attack techniques, such as Return Oriented Programming (ROP), pose a significant threat to modern day systems as they are able to circumvent both traditional and more modern protection mechanisms such as antivirus, antimalware, Address Space Layout Randomisation (ASLR) and W⊕X/Data Execution Prevention (DEP). IT companies are actively researching ways in which ROP attacks can be mitigated, emphasising the importance of research in this area. Various defence mechanisms have been designed and developed to attempt to prevent ROP attacks; however, vulnerabilities still exist, and some attacks are still able to bypass these. This paper proposes a solution, ROPMit, that successfully mitigates ROP attacks without the caveats of other current research. ROPMit is a collection of base techniques that detects function boundaries and randomises the memory layout at the function level to mitigate against ROP, even when an info-leak is present to reveal the address of part of the code section. ROPMit is implemented and tested on Linux 32-bit binaries compiled with gcc. Testing is done on a binary with an info-leak and buffer overflow vulnerability on the call stack. A ROP attack attempts to call gadgets in the binary but is blocked by ROPMit with high likelihood. The likelihood of blocking an attack is proportional to the factorial of the number of functions present in the binary.
- Published
- 2019
9. eavesROP: Listening for ROP Payloads in Data Streams
- Author
-
Jämthagen, Christopher, Karlsson, Linus, Stankovski, Paul, Hell, Martin, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Kobsa, Alfred, Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Chow, Sherman S. M., editor, Camenisch, Jan, editor, Hui, Lucas C. K., editor, and Yiu, Siu Ming, editor
- Published
- 2014
- Full Text
- View/download PDF
10. Fine-Grained Address Space Layout Randomization on Program Load.
- Author
-
Nurmukhametov, A. R., Zhabotinskiy, E. A., Kurmangaleev, Sh. F., Gaissaryan, S. S., and Vishnyakov, A. V.
- Subjects
Computer programming management, Software protection, Randomization (Statistics), Computer operating systems, Loaders (Computer programs)
- Abstract
Software vulnerabilities are a serious security threat. It is important to develop protection mechanisms preventing their exploitation, especially with a rapid increase of ROP attacks. State of the art protection mechanisms have some drawbacks that can be used by attackers. In this paper, we propose fine-grained address space layout randomization on program load that is able to protect from such kinds of attacks. During the static linking stage, the executable and library files are supplemented with information about function boundaries and relocations. A system dynamic linker/loader uses this information to perform permutation of functions. The proposed method was implemented for 64-bit programs on the CentOS 7 operating system. The implemented method has shown good resistance to ROP attacks evaluated by two metrics: the number of survived gadgets and the exploitability estimation of ROP chain examples. The implementation presented in this article is applicable across the entire operating system and has no compatibility problems affecting the program performance. The working capacity of the proposed approach was demonstrated on real programs. Further research can cover forking randomization and finer granularity than the function level. It also makes sense to implement the randomization of short function placement, taking into account the relationships between them. The close arrangement of functions that often call each other can improve the performance of individual programs.
- Published
- 2018
- Full Text
- View/download PDF
11. Quantitative Metrics and Measurement Methodologies for System Security Assurance
- Author
-
Ahmed, Md Salman, Computer Science, Yao, Danfeng, Schaumont, Patrick Robert, Hicks, Matthew, Monrose, Fabian N., and Wang, Gang
- Subjects
Data Pointers, Attack Vectors, Security Measurement, JITROP, ROP, ASLR, Data-Oriented Attacks, Attack Surface Quantification, LLVM, Metrics, Memory Tagging, Methodologies, Gadgets, Taint Analysis, Pointer Authentication
- Abstract
Proactive approaches for preventing attacks through security measurements are crucial for preventing sophisticated attacks. However, proactive measures must employ qualitative security metrics and systemic measurement methodologies to assess security guarantees, as some metrics (e.g., entropy) used for evaluating security guarantees may not capture the capabilities of advanced attackers. Also, many proactive measures (e.g., data pointer protection or data flow integrity) suffer performance bottlenecks. This dissertation identifies and represents attack vectors as metrics using the knowledge from advanced exploits and demonstrates the effectiveness of the metrics by quantifying attack surface and enabling ways to tune performance vs. security of existing defenses by identifying and prioritizing key attack vectors for protection. We measure attack surface by quantifying the impact of fine-grained Address Space Layout Randomization (ASLR) on code reuse attacks under the Just-In-Time Return-Oriented Programming (JITROP) threat model. We conduct a comprehensive measurement study with five fine-grained ASLR tools, 20 applications including six browsers, one browser engine, and 25 dynamic libraries. Experiments show that attackers only need several seconds (1.5-3.5) to find various code reuse gadgets such as the Turing Complete gadget set. Experiments also suggest that some code pointer leaks allow attackers to find gadgets more quickly than others. Besides, the instruction-level single-round randomization can restrict Turing Complete operations by preventing up to 90% of gadgets. This dissertation also identifies and prioritizes critical data pointers for protection to enable the capability to tune between performance vs. security. We apply seven rule-based heuristics to prioritize externally manipulatable sensitive data objects/pointers. Our evaluations using 33 ground-truth vulnerable data objects/pointers show the successful detection of 32 ground truths with a 42% performance overhead reduction compared to AddressSanitizer. Our results also suggest that sensitive data objects are as low as 3%, and on average, 82% of data objects do not need protection for real-world applications.
Doctor of Philosophy
Proactive approaches for preventing attacks through security measurements are crucial to prevent advanced attacks because reactive measures can become challenging, especially when attackers enter sophisticated attack phases. A key challenge for the proactive measures is the identification of representative metrics and measurement methodologies to assess security guarantees, as some metrics used for evaluating security guarantees may not capture the capabilities of advanced attackers. Also, many proactive measures suffer performance bottlenecks. This dissertation identifies and represents attack elements as metrics using the knowledge from advanced exploits and demonstrates the effectiveness of the metrics by quantifying attack surface and enabling the capability to tune performance vs. security of existing defenses by identifying and prioritizing key attack elements. We measure the attack surface of various software applications by quantifying the available attack elements of code reuse attacks in the presence of fine-grained Address Space Layout Randomization (ASLR), a defense in modern operating systems. ASLR makes code reuse attacks difficult by making the attack components unavailable. We perform a comprehensive measurement study with five fine-grained ASLR tools, real-world applications, and libraries under an influential code reuse attack model. Experiments show that attackers only need several seconds (1.5-3.5) to find various code reuse elements. Results also show the influence of one attack element over another and one defense strategy over another strategy. This dissertation also applies seven rule-based heuristics to prioritize externally manipulatable sensitive data objects/pointers, a type of attack element, to enable the capability to tune between performance vs. security. Our evaluations using 33 ground-truth vulnerable data objects/pointers show the successful identification of 32 ground truths with a 42% performance overhead reduction compared to AddressSanitizer, a memory error detector. Our results also suggest that sensitive data objects are as low as 3% of all objects, and on average, 82% of objects do not need protection for real-world applications.
- Published
- 2022
12. Fine-grained address space layout randomization on program load
- Author
-
Shamil Kurmangaleev, A. V. Vishnyakov, A.R. Nurmukhametov, E. A. Zhabotinskiy, and Serguei Gaissaryan
- Subjects
Computer science, Distributed computing, 0211 other engineering and technologies, Working capacity, 02 engineering and technology, lcsh:QA75.5-76.95, rop, Software, 0202 electrical engineering, electronic engineering, information engineering, General Environmental Science, 021110 strategic, defence & security studies, Address space layout randomization, business.industry, address space randomization, 020207 software engineering, computer.file_format, Loader, Dynamic linker, General Earth and Planetary Sciences, diversification, Granularity, Executable, lcsh:Electronic computers. Computer science, business, computer, aslr
- Abstract
Software vulnerabilities are a serious security threat. It is important to develop protection mechanisms preventing their exploitation, especially with a rapid increase of ROP attacks. State of the art protection mechanisms have some drawbacks that can be used by attackers. In this paper, we propose fine-grained address space layout randomization on program load that is able to protect from such kinds of attacks. During the static linking stage, the executable and library files are supplemented with information about function boundaries and relocations. A system dynamic linker/loader uses this information to perform permutation of functions. The proposed method was implemented for 64-bit programs on the CentOS 7 operating system. The implemented method has shown good resistance to ROP attacks evaluated by two metrics: the number of survived gadgets and the exploitability estimation of ROP chain examples. The implementation presented in this article is applicable across the entire operating system and has no compatibility problems affecting the program performance. The working capacity of the proposed approach was demonstrated on real programs. Further research can cover forking randomization and finer granularity than the function level. It also makes sense to implement the randomization of short function placement, taking into account the relationships between them. The close arrangement of functions that often call each other can improve the performance of individual programs.
- Published
- 2018
13. eavesROP: Listening for ROP Payloads in Data Streams (preliminary full version)
- Author
-
Jämthagen, Christopher, Karlsson, Linus, Stankovski, Paul, and Hell, Martin
- Subjects
ASLR, Pattern Matching, Return-Oriented Programming, Electrical Engineering, Electronic Engineering, Information Engineering, ROP
- Abstract
We consider the problem of detecting exploits based on return-oriented programming. In contrast to previous works, we investigate to which extent we can detect ROP payloads by only analysing streaming data, i.e., we do not assume any modifications to the target machine, its kernel or its libraries. Neither do we attempt to execute any potentially malicious code in order to determine if it is an attack. While such a scenario has its limitations, we show that using a layered approach with a filtering mechanism together with the Fast Fourier Transform, it is possible to detect ROP payloads even in the presence of noise and assuming that the target system employs ASLR. Our approach, denoted eavesROP, thus provides a very lightweight and easily deployable mitigation against certain ROP attacks. It also provides the added merit of detecting the presence of a brute-force attack on ASLR, since library base addresses are not assumed to be known by eavesROP.
- Published
- 2014
Discovery Service for Jio Institute Digital Library