Known/Chosen key attacks against software Instruction Set Randomization

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn , Issue , 2006, Pages 349-358

  Weiss, Yoav ^a   Barrantes, Elena Gabriela ^b  

^a Discretix Technologies Ltd   (Israel)

^b UNIVERSIDAD DE COSTA RICA   (Costa Rica)

Author keywords

[No Author keywords available]

Indexed keywords

BINARY CODES; PROGRAM TRANSLATORS; REAL TIME SYSTEMS; SECURITY OF DATA;

DATA-CODE ATTACKS; INSTRUCTION SET RANDOMIZATION (ISR); RANDOMIZED INSTRUCTION SET EMULATOR (RISE);

COMPUTER CRIME;

EID: 39049132994     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ACSAC.2006.33     Document Type: Conference Paper

References (20)

1. E. G. Barrantes, D. Ackley, S. Forrest, T. Palmer, D. Stefanovic, and D. D. Zovi. Randomized instruction set emulation to disrupt binary code injection attacks. In Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS '03), pages 281-289, New York, NY, USA, October 27-31 2003. ACM Press.
2. E. G. Barrantes, D. H. Ackley, S. Forrest, and D. Stefanovic. Randomized instruction set emulation. ACM Transactions on Information and System Security (TISSEC), 8(1):3-40, February 2005.
3. S. Bhatkar, R. Sekar, and D. DuVarney. Efficient techniques for comprehensive protection from memory error exploits. In Proceedings of the 14th Usenix Security Symposium, pages 271-286, August 2005.
4. CERT Coordination Center. Cert advisory ca-2001-33. multiple vulnerabilities in WUFTPD, 2001.
5. S. Chen, J. Xu, E. Sezer, P. Gauriar, and R. Iyer. Noncontrol-data attacks are realistic threats. In Proceedings of the Usenix Security Symposium, page 177192, 2005.
6. T. Durden. Bypassing PaX ASLR protection. Phrack, 59(9), June 2002.
7. S. Forrest, A. Somayaji, and D. Ackley. Building Diverse Computer Systems. In Proceedings of the Sixth Workshop on Hot Topics in Operating Systems, pages 67-72, 1997.
8. M. Kaempf. Vudo malloc tricks. Phrack, 57(8), 2001.
9. P. A. Karger and R. R. Schell. Multics security evaluation: Vulnerability analysis. Technical report, HQ Electronic Systems Division, http://csrc.nist.gov/publications/history/karg74.pdf, June 1974.
10. G. S. Kc, A. D. Keromytis, and V. Prevelakis. Countering code-injection attacks with instruction-set randomization. In Proceedings of the 10th ACM Conference on Computer and Communications Security, pages 272-280, New York, NY, USA, October 27-31 2003. ACM Press.
11. M. Liskov, R. Rivest, and D. Wagner. Tweakable block ciphers. Lecture Notes in Computer Science, 2442(CRYPTO'02):3146, 2002.
12. I. Moinar. Exec Shield - new linux security feature. NewsForge, May 2003.
13. PaX team. Documentation for the PaX project. In http://pax.grsecurity. net/docs/index.html, 2006.
14. C. Percival. Cache missing for fun and profit. In http://www. daemonology.net/papers/htt.pdf, 2005.
15. Scut and Team Teso. Exploiting format string vulnerabilities. In http://http://www.team-teso.net/articles /formatstring/, September 1 2001.
16. J. Seward and N. Nethercote. Valgrind, an open-source memory debugger for x86-gnu/linux. In http://valgrind.org/, 2006.
17. H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh. On the effectiveness of address-space randomization. In CCS '04: Proceedings of the 11 th ACM conference on Computer and communications security, pages 298-307, New York, NY, USA, 2004. ACM Press.
18. A. Sovarel, D. Evans, and N. Paul. Where's the FEEB?: The effectiveness of instruction set randomization. In Proceedings of the Usenix Security Symposium, pages 145-160, 2005.
19. Tool Interface Standards Committee. Executable and Linking Format (ELF), May 1995.
20. Y. Weiss and E. G. Barrantes. Known/chosen key attacks against RISE: Attacking the immune system. Technical Report TR-ECCI-01-2006, E.C.C.I., Universidad de Costa Rica, http://www.ecci.ucr.ac.cr/, September 2006.