Framing signals - A return to portable shellcode

Proceedings - IEEE Symposium on Security and Privacy

Volumn , Issue , 2014, Pages 243-258

  Bosman, Erik ^a   Bos, Herbert ^a  

^a VU UNIVERSITY AMSTERDAM   (Netherlands)

Author keywords

backdoors; exploits; Operatings system security

Indexed keywords

SECURITY OF DATA;

BACKDOORS; EXPLOITATION TECHNIQUES; EXPLOITS; LINUX DISTRIBUTIONS; MITIGATION TECHNIQUES; PROGRAMMING PROJECTS; RETURN-ORIENTED PROGRAMMING; SYSTEM SECURITY;

LINUX;

EID: 84914165357     PISSN: 10816011     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SP.2014.23     Document Type: Conference Paper

References (32)

1. Sandeep Bhatkar, R. Sekar, and Daniel C. DuVarney. Efficient techniques for comprehensive protection from memory error exploits. In Proceedings of the 14th conference on USENIX Security Symposium, SSYM'05, 2005.
2. Sandeep Bhatkar, R. Sekar, and Daniel C. DuVarney. Efficient techniques for comprehensive protection from memory error exploits. In Proceedings of the 14th conference on USENIX Security Symposium - Volume 14, SSYM'05, pages 17-17, Berkeley, CA, USA, 2005. USENIX Association.
3. Tyler Bletsch, Xuxian Jiang, Vince W. Freeh, and Zhenkai Liang. Jump-oriented programming: a new class of codereuse attack. In Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS '11, pages 30-40, New York, NY, USA, 2011. ACM.
4. Bulba and Kil3r. Bypassing StackGuard and Stack-Shield. http://www.phrack.org/issues.html?issue=56&id= 5article, January 2000.
5. Ping Chen, Hai Xiao, Xiaobin Shen, Xinchun Yin, Bing Mao, and Li Xie. Drop: Detecting return-oriented programming malicious code. In Proceedings of the 5th International Conference on Information Systems Security, ICISS '09, pages 163-177, Berlin, Heidelberg, 2009. Springer-Verlag.
6. Lucas Davi, Ahmad-Reza Sadeghi, and Marcel Winandy. Ropdefender: a detection tool to defend against returnoriented programming attacks. In Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS '11, pages 40-51, New York, NY, USA, 2011. ACM.
7. Thomas Dullien. Exploitation and state machines: Programming the 'weird machine', revisited. In Infiltrate Conference, Miami, FLA, April 2011.
8. Brandon Edwards. Dos? then who was phone? (asterisk exploit related to cve-2012-5976). http://blog.exodusintel.com/tag/asterisk-exploit/.
9. Sergey Bratus Julian Bangert. Page fault liberation army or gained in translation. http://events.ccc.de/congress/2012/Fahrplan/events/5265.en.html.
10. Chongkyung Kil, Jinsuk Jun, Christopher Bookholt, Jun Xu, and Peng Ning. Address space layout permutation (aslp): Towards fine-grained randomization of commodity software. In Proceedings of the 22nd Annual Computer Security Applications Conference, ACSAC '06, pages 339-348, Washington, DC, USA, 2006. IEEE Computer Society.
11. Jinku Li, Zhi Wang, Xuxian Jiang, Michael Grace, and Sina Bahram. Defeating return-oriented rootkits with "return-less" kernels. In Proceedings of the 5th European conference on Computer systems, EuroSys '10, pages 195-208, New York, NY, USA, 2010. ACM.
12. David Litchfield. Defeating the stack based buffer overflow prevention mechanism of microsoft windows 2003 server. 2003.
13. Vincenzo Lozzo, Tim Kornau, and Ralf-Philipp Weinmann. Everybody be cool, this is a roppery! In Proceedings of BlackHat USA, Las Vegas, USA, 2010.
14. Microsoft. Data execution prevention.
15. Matt Miller. Preventing the exploitation of seh overwrites. Uninformed Journal, 5, 2006.
16. Urban Müller. Brainfuck-an eight-instruction turing-complete programming language. Available at the Internet address http://www.muppetlabs.com/breadbox/bf/, 1993.
17. Kaan Onarlioglu, Leyla Bilge, Andrea Lanzi, Davide Balzarotti, and Engin Kirda. G-free: defeating return-oriented programming through gadget-less binaries. In Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC), ACSAC '10, pages 49-58. ACM, December 2010.
18. Vasilis Pappas. kbouncer: EïňČcient and transparent rop mitigation. In Usenix Security, Microsoft BlueHat Prize winner., 2013.
19. Vasilis Pappas, Michalis Polychronakis, and Angelos D. Keromytis. Smashing the gadgets: Hindering return-oriented programming using in-place code randomization. In Proceedings of the 2012 IEEE Symposium on Security and Privacy, SP '12, pages 601-615, Washington, DC, USA, 2012. IEEE Computer Society.
20. PaX Project. Address Space Layout Randomization. http://pax.grsecurity.net/docs/aslr.txt, 2001.
21. Dennis Ritchie. Unix version 6 - signal.s. http://minnie.tuhs.org/cgi-bin/utree.pl?file=V6/usr/source/s5/signal.s, 1975.
22. Giampaolo Fresi Roglia, Lorenzo Martignoni, Roberto Paleari, and Danilo Bruschi. Surgically returning to randomized lib(c). In Proceedings of the 2009 Annual Computer Security Applications Conference, ACSAC '09, pages 60-69, Washington, DC, USA, 2009. IEEE Computer Society.
23. Edward J Schwartz, Thanassis Avgerinos, and David Brumley. Q: Exploit hardening made easy. In Proceedings of the 20th USENIX Security Symposium, 2011.
24. Hovav Shacham. The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In Proceedings of the 14th ACM conference on Computer and communications security, CCS'07, 2007.
25. Hovav Shacham, Matthew Page, Ben Pfaff, Eu-Jin Goh, Nagendra Modadugu, and Dan Boneh. On the effectiveness of address-space randomization. In Proceedings of the 11th ACM conference on Computer and communications security (CCS'04), 2004.
26. Rebecca Shapiro. The care and feeding of weird machines found in executable metadata. http://events.ccc.de/congress/2012/Fahrplan/events/5195.en.html.
27. Kevin Z. Snow, Fabian Monrose, Lucas Davi, Alexandra Dmitrienko, Christopher Liebchen, and Ahmad-Reza Sadeghi. Just-in-time code reuse: On the effectiveness of fine-grained address space layout randomization. In Proceedings of the 2013 IEEE Symposium on Security and Privacy, SP '13, pages 574-588, Washington, DC, USA, 2013. IEEE Computer Society.
28. Solar Designer. Getting around non-executable stack (and fix). http://seclists.org/bugtraq/1997/Aug/63, August 1997.
29. Alexander Sotirov. Heap feng shui in javascript. Black Hat Europe, 2007.
30. Julien Vanegue. The automated exploitation grand challenge, tales of weird machines. In H2C2 conference, Sao Paulo, Brazil, October 2013.
31. Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee. Jekyll on ios: when benign apps become evil. In Proceedings of the 22nd USENIX conference on Security, SEC'13, pages 559-572, Berkeley, CA, USA, 2013. USENIX Association.
32. Michal Zalewski. "delivering signals for fun and profit". http://lcamtuf.coredump.cx/signals.txt, 2001.