String oriented programming: When ASLR is not enough

Proceedings of the 2nd ACM SIGPLAN Program Protection and Reverse Engineering Workshop 2013, PPREW 2013

Volumn , Issue , 2013, Pages

  Payer, Mathias ^a   Gross, Thomas R ^a  

^a ETH ZURICH   (Switzerland)

Author keywords

[No Author keywords available]

Indexed keywords

ADDRESS SPACE LAYOUT RANDOMIZATIONS; ATTACK VECTOR; DATA EXECUTION PREVENTIONS; FORMAT STRING; MEMORY REGION; RETURN-ORIENTED PROGRAMMING; RUNNING APPLICATIONS; SOFTWARE SYSTEMS; STATIC MEMORY; STATIC PROGRAM ANALYSIS;

APPLICATION PROGRAMS; COMPUTER OPERATING SYSTEMS; COMPUTER PROGRAMMING LANGUAGES; REVERSE ENGINEERING; TECHNICAL PRESENTATIONS;

SECURITY OF DATA;

EID: 84874142484     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2430553.2430555     Document Type: Conference Paper

References (26)

1. ABADI, M., BUDIU, M., ERLINGSSON, U., AND LIGATTI, J. Control-flow integrity. In CCS'05: Proc. 12th Conf. Computer and Communications Security (2005), pp. 340-353.
2. ALEPH1. Smashing the stack for fun and profit. Phrack 7, 49 (Nov. 1996), http://phrack.com/issues.html?issue=49&id=14.
3. BARATLOO, A., SINGH, N., AND TSAI, T. Transparent run-time defense against stack smashing attacks. In Proc. USENIX ATC (2000), pp. 251-262.
4. BHATKAR, E., DUVARNEY, D. C., AND SEKAR, R. Address obfuscation: an efficient approach to combat a broad range of memory error exploits. In SSYM'03: Proc. 12th USENIX Security Symp. (2003), pp. 105-120.
5. BHATKAR, S., BHATKAR, E., SEKAR, R., AND DUVARNEY, D. C. Efficient techniques for comprehensive protection from memory error exploits. In SSYM'05: Proc. 14th USENIX Security Symp. (2005), pp. 255-270.
6. BLACKNGEL. The house of lore: Reloaded. Phrack 14, 67 (Nov. 2010), http://phrack.com/issues.html?issue=67&id=8.
7. BLETSCH, T., JIANG, X., FREEH, V. W., AND LIANG, Z. Jump-oriented programming: a new class of code-reuse attack. In ASIACCS'11: Proc. 6th ACM Symp. on Information, Computer and Communications Security (2011), pp. 30-40.
8. COWAN, C., BARRINGER, M., BEATTIE, S., KROAH-HARTMAN, G., FRANTZEN, M., AND LOKIER, J. Format-guard: automatic protection from printf format string vulnerabilities. In SSYM'01: Proc. 10th USENIX Security Symp. (2001).
9. COWAN, C., BEATTIE, S., JOHANSEN, J., AND WAGLE, P. PointguardTM: protecting pointers from buffer overflow vulnerabilities. In SSYM'03: Proc. 12th USENIX Security Symp. (2003).
10. COWAN, C., PU, C., MAIER, D., HINTONY, H., WALPOLE, J., BAKKE, P., BEATTIE, S., GRIER, A., WAGLE, P., AND ZHANG, Q. StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks. In SSYM'98: Proc. 7th USENIX Security Symp. (1998).
11. ERLINGSSON, Ú., ABADI, M., VRABLE, M., BUDIU, M., AND NECULA, G. C. XFI: Software guards for system address spaces. In OSDI'06 (2006), pp. 75-88.
12. GADALETA, F., YOUNAN, Y., JACOBS, B., JOOSEN, W., DE NEVE, E., AND BEOSIER, N. Instruction-level countermeasures against stack-based buffer overflow attacks. In VDTS '09: Proceedings of the 1st EuroSys Workshop on Virtualization Technology for Dependable Systems (2009), ACM, pp. 7-12.
13. GERA, AND RIQ. Advances in format string exploitation. Phrack 11, 59 (2002), http://phrack.com/issues.html?issue=59&id=7.
14. HAAS, P. Advanced format string attacks. https://www.defcon.org/images/ defcon-18/dc-18-presentations/Haas/DEFCON-18-Haas-Adv-Format-String-Attacks.pdf, DEFCON 18 2010.
15. HIROAKI, E., AND KUNIKAZU, Y. ProPolice: Improved stack-smashing attack detection. IPSJ SIG Notes (2001), 181- 188.
16. NERGAL. The advanced return-into-lib(c) exploits. Phrack 11, 58 (Nov. 2007), http://phrack.com/issues.html?issue=67&id=8.
17. OWASP. Definition of format string attacks. https://www.owasp.org/index. php/Format-string-attack.
18. PA X-TEAM. PaX ASLR (Address Space Layout Randomization). http://pax.grsecurity.net/docs/aslr.txt, 2003.
19. PAYER, M., AND GROSS, T. R. Fine-grained user-space security through virtualization. In VEE'11: Proc. 7th Int'l Conf. Virtual Execution Environments (2011), pp. 157-168.
20. PINCUS, J., AND BAKER, B. Beyond stack smashing: Recent advances in exploiting buffer overruns. IEEE Security and Privacy 2 (2004), 20-27.
21. PLANET, C. A eulogy for format strings. Phrack 14, 67 (2010), http://phrack.com/issues.html?issue=67&id=8.
22. SCHWARTZ, E. J., AVGERINOS, T., AND BRUMLEY, D. Q: Exploit hardening made easy. In Proceedings of the USENIX Security Symposium (2011).
23. SHACHAM, H. The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In CCS'07: Proc. 14th Conf. on Computer and Communications Security (2007), pp. 552-561.
24. SHACHAM, H., PAGE, M., PFAFF, B., GOH, E.-J., MODADUGU, N., AND BONEH, D. On the effectiveness of address-space randomization. In CCS'04: Proc. 11th Conf. Computer and Communications Security (2004), pp. 298-307.
25. UBUNTU. List of programs built with PIE. https://wiki.ubuntu.com/ Security/Features#pie, May 2012.
26. VAN DE VEN, A., AND MOLNAR, I. Exec shield. https://www.redhat.com/f/pdf/ rhel/WHP0006US-Execshield.pdf, 2004.