Mitigating code-reuse attacks with control-flow locking

ACM International Conference Proceeding Series

Volumn , Issue , 2011, Pages 353-362

  Bletsch, Tyler ^a   Jiang, Xuxian ^a   Freeh, Vince ^a  

^a North Carolina State University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ARBITRARY ORDER; CONTROL FLOWS; CONTROL-FLOW; DEFENSE TECHNIQUES; DEPLOYABILITY; NORMAL CONTROLS; PROOF OF CONCEPT; SYSTEM CALLS;

CODES (SYMBOLS); COMPUTER APPLICATIONS; COMPUTER OPERATING SYSTEMS; COMPUTER SOFTWARE REUSABILITY; DATA FLOW ANALYSIS; SECURITY SYSTEMS;

SECURITY OF DATA;

EID: 84855737396     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2076732.2076783     Document Type: Conference Paper

References (38)

1. Wikipedia. W^X. http://en.wikipedia.org/wiki/W^X.
2. Solar Designer. Getting around non-executable stack (and fix). Bugtraq, 1997.
3. Hovav Shacham. The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86). In 14th ACM CCS, 2007.
4. Ping Chen, Hai Xiao, Xiaobin Shen, Xinchun Yin, Bing Mao, and Li Xie. Drop: Detecting return-oriented programming malicious code. In 5th ACM ICISS, 2009.
5. Lucas Davi, Ahmad-Reza Sadeghi, and Marcel Winandy. Dynamic Integrity Measurement and Attestation: Towards Defense against Return-oriented Programming Attacks. In 4th ACM STC, 2009.
6. Jinku Li, Zhi Wang, Xuxian Jiang, Mike Grace, and Sina Bahram. Defeating return-oriented rootkits with return-less kernels. In 5th ACM SIGOPS EuroSys Conference, April 2010.
7. Lucas Davi, Ahmad-Reza Sadeghi, and Marcel Winandy. ROPdefender: A detection tool to defend against return-oriented programming attacks. Technical Report HGI-TR-2010-001, Horst Görtz Institute for IT Security, March 2010.
8. Tzi-cker Chiueh and Fu-Hau Hsu. RAD: A Compile-Time Solution to Buffer Overflow Attacks. In 21st IEEE ICDCS, April 2001.
9. Mike Frantzen and Mike Shuey. StackGhost: Hardware Facilitated Stack Protection. In 10th USENIX Security Symposium, 2001.
10. Vendicator. Stack Shield: A "Stack Smashing" Technique Protection Tool for Linux. http://www.angelfire.com/sk/stackshield/info.html.
11. Tyler Bletsch, Xuxian Jiang, Vince Freeh, and Zhenkai Liang. Jump-Oriented Programming: A New Class of Code-Reuse Attack. In 6th AsiaCCS, March 2011.
12. Stephen Checkoway, Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Hovav Shacham, and Marcel Winandy. Return-Oriented Programming Without Returns. In 17th ACM CCS, October 2010.
13. Martín Abadi, Mihai Budiu, Úlfar Erilingsson, and Jay Ligatti. Control-Flow Integrity: Principles, Implementations, and Applications. In 12th ACM CCS, October 2005.
14. Nergal. The Advanced Return-into-lib(c) Exploits: PaX Case Study. Phrack Magazine, Volume 11, Issue 0x58, File 4 of 14, December 2001.
15. Erik Buchanan, Ryan Roemer, Hovav Shacham, and Stefan Savage. When Good Instructions Go Bad: Generalizing Return-Oriented Programming to RISC. In 15th ACM CCS, pages 27-38, New York, NY, USA, 2008. ACM.
16. Felix "FX" Lidner. Developments in Cisco IOS Forensics. In CONference 2.0, November 2009.
17. Tim Kornau. Return oriented programming for the ARM architecture. Master's thesis, Ruhr-Universität Bochum, January 2010.
18. Stephen Checkoway, Ariel J. Feldman, Brian Kantor, J. Alex Halderman, Edward W. Felten, and Hovav Shacham. Can DREs provide long-lasting security? The case of return-oriented programming and the AVC Advantage. In EVT/WOTE 2009, USENIX, August 2009.
19. Stefan Esser. Utilizing Code Reuse/ROP in PHP Application Exploits. In BlackHat USA, 2010.
20. Ralf Hund, Thorsten Holz, and Felix C. Freiling. Return-oriented rootkits: Bypassing kernel code integrity protection mechanisms. In 19th USENIX Security Symposium, August 2009.
21. Daniele Perito Claude Castelluccia, Aurélien Francillon and Claudio Soriente. On the Difficulty of Software-Based Attestation of Embedded Devices. In 16th ACM CCS, New York, NY, USA, 2009. ACM.
22. Crispin Cowan, Calton Pu, Dave Maier, Heather Hintony, Jonathan Walpole, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, and Qian Zhang. StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks. In 7th USENIX Security, page 5, 1998.
23. PaX Team. PaX ASLR Documentation. http://pax.grsecurity.net/docs/aslr. txt.
24. Sandeep Bhatkar, Daniel C. DuVarney, and R. Sekar. Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits. 12th USENIX Security, 2003.
25. Sandeep Bhatkar, R. Sekar, and Daniel C. DuVarney. Efficient Techniques for Comprehensive Protection from Memory Error Exploits. 14th USENIX Security, 2005.
26. Jun Xu, Zbigniew Kalbarczyk, and Ravishankar K. Iyer. Transparent Runtime Randomization for Security. 22nd SRDS, October 2003.
27. Tyler Durden. Bypassing PaX ASLR Protection. Phrack Magazine, Volume 11, Issue 0x59, File 9 of 18, June 2002.
28. Hovav Shacham, Matthew Page, Ben Pfaff, Eu-Jin Goh, Nagendra Modadugu, and Dan Boneh. On the Effectiveness of Address Space Randomization. 11th ACM CCS, 2004.
29. Vladimir Kiriansky, Derek Bruening, and Saman Amarasinghe. Secure Execution Via Program Shepherding. In 11th USENIX Security Symposium, August 2002.
30. Miguel Castro, Manuel Costa, and Tim Harris. Securing Software by Enforcing Data-Flow Integrity. In 7th USENIX OSDI, November 2006.
31. Úlfar Erlingsson, Martin Abadi, Michael Vrable, Mihai Budiu, and George C. Necula. XFI: Software Guards for System Address Spaces. In 7th USENIX OSDI, 2006.
32. Periklis Akritidis, Cristian Cadar, Costin Raiciu, Manuel Costa, and Miguel Castro. Preventing Memory Error Exploits with WIT. In 28th IEEE Symposium on Security and Privacy, May 2008.
33. Miguel Castro, Manuel Costa, Jean-Philippe Martin, Marcus Peinado, Periklis Akritidis, Austin Donnelly, Paul Barham, and Richard Black. Fast Byte-Granularity Software Fault Isolation. In 22nd ACM SOSP, October 2009.
34. Kaan Onarlioglu, Leyla Bilge, Andrea Lanzi, Davide Balzarotti, and Engin Kirda. G-free: Defeating return-oriented programming through gadget-less binaries. In ACSAC, 2010.
35. Stephen McCamant and Greg Morrisett. Efficient, verifiable binary sandboxing for a CISC architecture. In MIT Tech Report MIT-CSAIL-TR-2005-030, 2005.
36. Bennet Yee, David Sehr, Gregory Dardyk, J. Bradley Chen, Robert Muth, Tavis Ormandy, Shiki Okasaka, Neha Narula, and Nicholas Fullagar. Native Client: A sandbox for portable, untrusted x86 native code. Communications of the ACM, 53(1):91-99, 2010.
37. Felix von Leitner et al. dietlibc. http://www.fefe.de/dietlibc/.
38. Shuo Chen, Jun Xu, Emre C. Sezer, Prachi Gauriar, and Ravishankar K. Iyer. Non-control-data attacks are realistic threats. In 14th USENIX Security, pages 177-192, 2005.