메뉴 건너뛰기




Volumn 6961 LNCS, Issue , 2011, Pages 121-141

On the expressiveness of return-into-libc attacks

Author keywords

Return into libc; return oriented programming; Turing complete

Indexed keywords

BUFFER OVERFLOWS; CONTROL FLOWS; EXPRESSIVE POWER; RETURN-INTO-LIBC; TURING-COMPLETE; WINDOWS PLATFORM;

EID: 84857304973     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-23644-0_7     Document Type: Conference Paper
Times cited : (107)

References (35)
  • 1
    • 3042642332 scopus 로고    scopus 로고
    • The Advanced Return-into-lib(c) Exploits: PaX Case Study
    • Nergal.0x58
    • Nergal: The Advanced Return-into-lib(c) Exploits: PaX Case Study. Phrack Magazine 11(0x58), 4-14 (2001)
    • (2001) Phrack Magazine , vol.11 , pp. 4-14
  • 2
    • 77952351839 scopus 로고    scopus 로고
    • The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)
    • Shacham, H.: The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86). In: 14th ACM CCS (2007)
    • (2007) 14th ACM CCS
    • Shacham, H.1
  • 4
    • 74049136385 scopus 로고    scopus 로고
    • Dynamic Integrity Measurement and Attestation: Towards Defense against Return-oriented Programming Attacks
    • Davi, L., Sadeghi, A.-R., Winandy, M.: Dynamic Integrity Measurement and Attestation: Towards Defense against Return-oriented Programming Attacks. In: 4th ACM STC (2009)
    • (2009) 4th ACM STC
    • Davi, L.1    Sadeghi, A.-R.2    Winandy, M.3
  • 5
    • 78650915151 scopus 로고    scopus 로고
    • Jump-Oriented Programming: A New Class of Code-Reuse Attack
    • Department of Computer Science, NC State University April
    • Bletsch, T., Jiang, X., Freeh, V.: Jump-Oriented Programming: A New Class of Code-Reuse Attack. In: CSC-TR-2010-8, Department of Computer Science, NC State University (April 2010)
    • (2010) CSC-TR-2010-8
    • Bletsch, T.1    Jiang, X.2    Freeh, V.3
  • 6
    • 78751484536 scopus 로고    scopus 로고
    • G-free: Defeating Return-Oriented Programming Through Gadget-less Binaries
    • Onarlioglu, K., Bilge, L., Lanzi, A., Balzarotti, D., Kirda, E.: G-free: Defeating Return-Oriented Programming Through Gadget-less Binaries. In: 26th ACSAC (2010)
    • (2010) 26th ACSAC
    • Onarlioglu, K.1    Bilge, L.2    Lanzi, A.3    Balzarotti, D.4    Kirda, E.5
  • 7
    • 70349267779 scopus 로고    scopus 로고
    • When Good Instructions Go Bad: Generalizing Return-Oriented Programming to RISC
    • Buchanan, E., Roemer, R., Shacham, H., Savage, S.: When Good Instructions Go Bad: Generalizing Return-Oriented Programming to RISC. In: 15th ACM CCS (2008)
    • (2008) 15th ACM CCS
    • Buchanan, E.1    Roemer, R.2    Shacham, H.3    Savage, S.4
  • 10
    • 74049112175 scopus 로고    scopus 로고
    • On the Difficulty of Software- Based Attestation of Embedded Devices
    • ACM, New York
    • Castelluccia, D.P.C., Francillon, A., Soriente, C.: On the Difficulty of Software- Based Attestation of Embedded Devices. In: 16th ACM CCS, ACM, New York (2009)
    • (2009) 16th ACM CCS
    • Castelluccia, D.P.C.1    Francillon, A.2    Soriente, C.3
  • 12
    • 71549162538 scopus 로고    scopus 로고
    • DROP: Detecting Return- Oriented Programming Malicious Code
    • Prakash, A., Sen Gupta, I. (eds.) ICISS 2009. Springer, Heidelberg
    • Chen, P., Xiao, H., Shen, X., Yin, X., Mao, B., Xie, L.: DROP: Detecting Return- Oriented Programming Malicious Code. In: Prakash, A., Sen Gupta, I. (eds.) ICISS 2009. LNCS, vol. 5905, pp. 163-177. Springer, Heidelberg (2009)
    • (2009) LNCS , vol.5905 , pp. 163-177
    • Chen, P.1    Xiao, H.2    Shen, X.3    Yin, X.4    Mao, B.5    Xie, L.6
  • 14
    • 84857285531 scopus 로고    scopus 로고
    • Return-Oriented Exploitation
    • Zovi, D.D.: Return-Oriented Exploitation. Black Hat (2010)
    • (2010) Black Hat
    • Zovi, D.D.1
  • 15
    • 38149131588 scopus 로고    scopus 로고
    • The Austin Group. Version 3 (POSIX-2001)
    • The Austin Group. The Single UNIX Specification, Version 3 (POSIX-2001)
    • The Single UNIX Specification
  • 16
    • 84857272339 scopus 로고    scopus 로고
    • Microsoft MSDN (2010), http://msdn.microsoft.com/en-us/library/dd162746
    • (2010)
  • 17
    • 77952274256 scopus 로고    scopus 로고
    • Technical Report WG14 N1124, ISO/IEC
    • The ANSI C standard (C99). Technical Report WG14 N1124, ISO/IEC (1999)
    • (1999) The ANSI C Standard (C99)
  • 18
    • 84857248904 scopus 로고    scopus 로고
    • Busy Beaver, http://en.wikipedia.org/wiki/Busy-beaver
    • Busy Beaver
  • 20
    • 76949101487 scopus 로고    scopus 로고
    • Getting Around Non-executable Stack (and Fix)
    • Solar Designer
    • Solar Designer. Getting Around Non-executable Stack (and Fix). Bugtraq (1997)
    • (1997) Bugtraq
  • 23
    • 0035017559 scopus 로고    scopus 로고
    • RAD: A Compile-Time Solution to Buffer Overflow Attacks
    • April
    • Chiueh, T.-c., Hsu, F.-H.: RAD: A Compile-Time Solution to Buffer Overflow Attacks. In: 21st IEEE ICDCS (April 2001)
    • (2001) 21st IEEE ICDCS
    • Chiueh, T.-C.1    Hsu, F.-H.2
  • 29
    • 84954188728 scopus 로고    scopus 로고
    • Efficient Techniques for Comprehensive Protection from Memory Error Exploits
    • Bhatkar, S., Sekar, R., DuVarney, D.C.: Efficient Techniques for Comprehensive Protection from Memory Error Exploits. In: 14th USENIX Security (2005)
    • (2005) 14th USENIX Security
    • Bhatkar, S.1    Sekar, R.2    DuVarney, D.C.3
  • 32
    • 14844317200 scopus 로고    scopus 로고
    • Countering Code-Injection AttacksWith Instruction-Set Randomization
    • Kc, G.S., Keromytis, A.D., Prevelakis, V.: Countering Code-Injection AttacksWith Instruction-Set Randomization. In: 10th ACM CCS (2003)
    • (2003) 10th ACM CCS
    • Kc, G.S.1    Keromytis, A.D.2    Prevelakis, V.3
  • 34
    • 33646767376 scopus 로고    scopus 로고
    • Control-Flow Integrity: Principles, Implementations, and Applications
    • Abadi, M., Budiu, M., Erilingsson, Ú., Ligatti, J.: Control-Flow Integrity: Principles, Implementations, and Applications. In: 12th ACM CCS (2005)
    • (2005) 12th ACM CCS
    • Abadi, M.1    Budiu, M.2    Erilingsson, Ú.3    Ligatti, J.4
  • 35
    • 84991997276 scopus 로고    scopus 로고
    • Securing Software by Enforcing Data-Flow Integrity
    • November
    • Castro, M., Costa, M., Harris, T.: Securing Software by Enforcing Data-Flow Integrity. In: 7th USENIX OSDI (November 2006)
    • (2006) 7th USENIX OSDI
    • Castro, M.1    Costa, M.2    Harris, T.3


* 이 정보는 Elsevier사의 SCOPUS DB에서 KISTI가 분석하여 추출한 것입니다.