6 results on "Return-to-libc"
Search Results
2. Cloning Your Gadgets: Complete ROP Attack Immunity with Multi-Variant Execution
- Author
- Stijn Volckaert, Bart Coppens, and Bjorn De Sutter
- Subjects
- Return oriented programming; Technology; replication; Exploit; Computer science; 0211 other engineering and technologies; SOFTWARE; 02 engineering and technology; Disjoint sets; Parallel computing; computer.software_genre; memory exploits; Control flow; 020204 information systems; 0202 electrical engineering, electronic engineering, information engineering; return-to-libc; Electrical and Electronic Engineering; Computer Science, Hardware & Architecture; Programmer; 021110 strategic, defence & security studies; Science & Technology; Computer Science, Information Systems; Address space; Computer Science, Software Engineering; protection; monitoring; Virtual address space; Computer Science; Memory footprint; Operating system; computer; Return-oriented programming; overhead
- Abstract
- © 2004-2012 IEEE. In this paper, we present disjoint code layouts (DCL), a technique that complements multi-variant execution [1] and W$\oplus$X protection to effectively immunize programs against control flow hijacking exploits such as return oriented programming (ROP) [2] and return-to-libc attacks [3]. DCL improves upon address space partitioning (ASP), an earlier technique presented to defeat memory exploits. Unlike ASP, our solution keeps the full virtual address space available to the protected program. Additionally, our combination of DCL with Multi-Variant Execution is transparent to both the user and the programmer and incurs much less overhead than other ROP defense tools, both in terms of run time and memory footprint. Is part of: IEEE Transactions on Dependable and Secure Computing, vol. 13, issue 4, pages 437-450. Status: published.
- Published
- 2016
3. Evaluating the generality and limits of blind return-oriented programming attacks
- Author
- Keener, Lawrence; Gondree, Mark; Eagle, Chris; and Computer Science
- Subjects
- return-to-libc; BROP; return-oriented programming; implementation disclosure attacks; ROP
- Abstract
- We consider a recently proposed information disclosure vulnerability called blind return-oriented programming (BROP). Under certain conditions, this attack allows a return-oriented programming attack against previously unknown binaries. We precisely enumerate the assumptions for a successful BROP attack to take place. We analyze prerequisite knowledge to perform a BROP attack, including the need to exploit a stack-based buffer overflow. In particular, we examine the types of buffer-handling functions and canaries that may render these functions useless for exploitation purposes. We survey network service binaries, to examine how often different BROP requirements are satisfied in real software, including the presence of certain gadgets and the behavior on crashes. We find if an optimized attack fails, a first principles BROP attack is unlikely to succeed. Our survey shows that certain required gadgets are rare, limiting a first principles attack. We show the presence of required gadgets fluctuates with binary version number and build conditions. The majority of the services we survey do not appear vulnerable to BROP due to missing gadgets or re-randomization on crash. We suggest some ameliorations that may further limit the applicability of this attack. http://archive.org/details/evaluatinggenera1094547979 Outstanding Thesis. Civilian, Vista Research. Approved for public release; distribution is unlimited.
- Published
- 2015
4. G-free: Defeating return-oriented programming through gadget-less binaries
- Author
- Andrea Lanzi, Engin Kirda, Kaan Onarlioglu, Davide Balzarotti, and Leyla Bilge
- Subjects
- Computer science; Program compilers; 0211 other engineering and technologies; Security of data; Memory corruption; 02 engineering and technology; computer.software_genre; Computer security; Security systems; Gadget; 0202 electrical engineering, electronic engineering, information engineering; Return-oriented programming; Practical solutions; Software system; Software systems; Branch instructions; Operating systems; Control-flow integrity; 021110 strategic, defence & security studies; Address space layout randomization; Real-world application; 020207 software engineering; computer.file_format; Protection mechanisms; Computer operating systems; ROP; Return-to-libc; Compiler; Executable; Computer applications; computer; Exploitation techniques
- Abstract
- Conference name: ACSAC '10 Proceedings of the 26th Annual Computer Security Applications Conference. Date of Conference: 06-10 December, 2010. Despite the numerous prevention and protection mechanisms that have been introduced into modern operating systems, the exploitation of memory corruption vulnerabilities still represents a serious threat to the security of software systems and networks. A recent exploitation technique, called Return-Oriented Programming (ROP), has lately attracted a considerable attention from academia. Past research on the topic has mostly focused on refining the original attack technique, or on proposing partial solutions that target only particular variants of the attack. In this paper, we present G-Free, a compiler-based approach that represents the first practical solution against any possible form of ROP. Our solution is able to eliminate all unaligned free-branch instructions inside a binary executable, and to protect the aligned free-branch instructions to prevent them from being misused by an attacker. We developed a prototype based on our approach, and evaluated it by compiling GNU libc and a number of real-world applications. The results of the experiments show that our solution is able to prevent any form of return-oriented programming. © 2010 ACM.
- Published
- 2010
5. Immunizing binary executables against return-oriented programming
- Author
- Onarlioğlu, Kaan; Selçuk, Ali Aydın; and Department of Computer Engineering
- Subjects
- Return-to-libc; Memory corruption vulnerabilities; QA76.9.A25 O53 2010; Computer networks--Security measures; Return-oriented programming; Computer security; Computer Engineering and Computer Science and Control
- Abstract
- Despite the numerous prevention and protection mechanisms that have been introduced into modern operating systems, the exploitation of memory corruption vulnerabilities still represents a serious threat to the security of software systems and networks. A recent exploitation technique, called Return-Oriented Programming (ROP), has lately attracted a considerable attention from academia. ROP attacks utilize short code sequences each ending with a free-branch instruction, i.e. an instruction that allows the attacker to control the execution flow. Identifying such sequences, or gadgets, available in binary executables and chaining them together, it is possible to perform arbitrary computations. Past research on the topic has mostly focused on refining the original attack technique, or on proposing partial solutions that target only particular variants of the attack. In this work, we present a compiler-based approach that represents the first practical solution against any possible form of ROP. Our solution is able to protect the aligned free-branch instructions to prevent them from being misused by an attacker, and to eliminate all unaligned free-branch instructions inside a binary executable. We developed a prototype based on our approach for the x86 architecture, and evaluated it by compiling GNU libc and a number of real-world applications. The results of the experiments demonstrate that our solution is able to prevent any form of return-oriented programming attack.
- Published
- 2010
6. Evaluating the generality and limits of blind return-oriented programming attacks
- Author
- Gondree, Mark; Eagle, Chris; Computer Science; and Keener, Lawrence
- Abstract
- We consider a recently proposed information disclosure vulnerability called blind return-oriented programming (BROP). Under certain conditions, this attack allows a return-oriented programming attack against previously unknown binaries. We precisely enumerate the assumptions for a successful BROP attack to take place. We analyze prerequisite knowledge to perform a BROP attack, including the need to exploit a stack-based buffer overflow. In particular, we examine the types of buffer-handling functions and canaries that may render these functions useless for exploitation purposes. We survey network service binaries, to examine how often different BROP requirements are satisfied in real software, including the presence of certain gadgets and the behavior on crashes. We find if an optimized attack fails, a first principles BROP attack is unlikely to succeed. Our survey shows that certain required gadgets are rare, limiting a first principles attack. We show the presence of required gadgets fluctuates with binary version number and build conditions. The majority of the services we survey do not appear vulnerable to BROP due to missing gadgets or re-randomization on crash. We suggest some ameliorations that may further limit the applicability of this attack. http://archive.org/details/evaluatinggenera1094547979 Outstanding Thesis. Civilian, Vista Research. Approved for public release; distribution is unlimited.
Discovery Service for Jio Institute Digital Library