Address space randomization for mobile devices

WiSec'11 - Proceedings of the 4th ACM Conference on Wireless Network Security

Volumn , Issue , 2011, Pages 127-137

  Bojinov, Hristo ^a   Boneh, Dan ^a   Cannings, Rich ^b   Malchev, Iliyan ^b  

^a STANFORD UNIVERSITY   (United States)

^b GOOGLE INC   (United States)

Author keywords

Android; ASLR; Control flow hijacking; Mobile devices; Return to libc; Smartphones

Indexed keywords

ANDROID; ASLR; CONTROL FLOW HIJACKING; RETURN-TO-LIBC; SMARTPHONES;

MOBILE DEVICES; MOBILE TELECOMMUNICATION SYSTEMS; NETWORK SECURITY; PORTABLE EQUIPMENT;

WIRELESS NETWORKS;

EID: 80051871355     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1998412.1998434     Document Type: Conference Paper

References (27)

1. Android. www.android.com.
2. Ruediger R. Asche. Rebasing win32 dlls: The whole story, 1995. http://msdn.microsoft.com/en-us/library/ms810432.aspx.
3. Sandeep Bhatkar, Daniel C. DuVarney, and R. Sekar. Address obfuscation: an efficient approach to combat a broad range of memory error exploits. In In Proceedings of the 12th USENIX Security Symposium, pages 105-120, 2003.
4. Dion Blazakis. Interpreter exploitation: Pointer inference and jit spraying, 2010. http://www.semantiscope.com/research/BHDC2010/BHDC-2010-Paper. pdf.
5. Monica Chew and Dawn Song. Mitigating buffer overflows by operating system randomization. Technical report, UC Berkeley, 2002.
6. Crispin Cowan, Steve Beattie, John Johansen, and Perry Wagle. Pointguard™: Protecting pointers from buffer overflow vulnerabilities. In In Proc. of the 12th Usenix Security Symposium, 2003.
7. Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, and Marcel Winandy. Privilege escalation attacks on android. In ISC, pages 346-360, 2010.
8. Jake Edge. Linux aslr vulnerabilities, 2009. http://lwn.net/Articles/ 330866/.
9. Hiroaki Etoh. Gcc extension for protecting applications from stack-smashing attacks, 2005. http://www.research.ibm.com/trl/projects/security/ ssp/.
10. Aurélien Francillon, Daniele Perito, and Claude Castelluccia. Defending embedded systems against control flow attacks. In SecuCode '09: Proceedings of the first ACM workshop on Secure execution of untrusted code, pages 19-26, New York, NY, USA, 2009. ACM.
11. Gaurav S. Kc. Countering code-injection attacks with instruction-set randomization. In In Proceedings of the ACM Computer and Communications Security (CCS) Conference, pages 272-280. ACM Press, 2003. (Pubitemid 40673809)
12. Chongkyung Kil, Jinsuk Jun, Christopher Bookholt, Jun Xu, and Peng Ning. Address space layout permutation (aslp): Towards fine-grained randomization of commodity software. In ACSAC '06: Proceedings of the 22nd Annual Computer Security Applications Conference, pages 339-348, Washington, DC, USA, 2006. IEEE Computer Society. (Pubitemid 351232927)
13. J. Krhovjak, V. Matyas, and J. Zizkovsky. Generating Random and Pseudorandom Sequences in Mobile Devices, pages 122-+. Springer, 2009.
14. David Litchfield. Buffer underruns, dep, aslr and improving the exploitation prevention mechanisms (xpms) on the windows platform, 2005. http://www.ngssoftware.com/papers/xpms.pdf.
15. Charlie Miller. Owning the fanboys: Hacking mac os x, 2008. http://www.blackhat.com/presentations/bh-jp-08/bh-jp-08-Miller/ BlackHat-Japan-08-Miller-Hacking-OSX.pdf.
16. Charlie Miller. Fuzzing the phone in your phone, 2009. http://www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller- FuzzingPhone-PAPER.pdf.
17. John Moser. Prelink and address space randomization, 2006. http://lwn.net/Articles/190139/.
18. Giampaolo Fresi Roglia, Lorenzo Martignoni, Roberto Paleari, and Danilo Bruschi. Surgically returning to randomized lib(c). In ACSAC '09: Proceedings of the 2009 Annual Computer Security Applications Conference, pages 60-69, Washington, DC, USA, 2009. IEEE Computer Society.
19. Clint Ruoho. Aslr: Leopard versus vista, 2008. http://www. laconicsecurity.com/aslr-leopard-versus-vista.html.
20. Mark Russinovich. Inside the windows vista kernel: Part 3, 2007. http://technet.microsoft.com/en-us/magazine/2007.04.vistakernel.aspx.
21. segvguard. http://www.daemon-systems.org/man/security.8.html.
22. Hovav Shacham. The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86. In In Proceedings of the 14th ACM Conference on Computer and Communications Security, 2007.
23. Hovav Shacham, Eujin Goh, Nagendra Modadugu, Ben Pfaff, and Dan Boneh. On the effectiveness of address-space randomization. In In CCS'04: Proceedings of the 11th ACM Conference on Computer and Communications Security, pages 298-307. ACM Press, 2004. (Pubitemid 40338211)
24. Brad Spengler. Pax: The guaranteed end of arbitrary code execution, 2003. http://grsecurity.net/PaX-presentation-files/frame.htm.
25. The PaX Team. Homepage of the pax team, 2008. http://pax.grsecurity.net/.
26. Ollie Whitehouse. An analysis of address space layout randomization on windows vista, 2007. http://www.symantec.com/avcenter/reference/Address-Space- Layout-Randomization.pdf.
27. Haizhi Xu and Steve J. Chapin. Improving address space randomization with a dynamic offset randomization technique. In SAC '06: Proceedings of the 2006 ACM symposium on Applied computing, pages 384-391, New York, NY, USA, 2006. ACM. (Pubitemid 44758809)