Automatic generation of data-oriented exploits

Proceedings of the 24th USENIX Security Symposium

Volumn , Issue , 2015, Pages 177-192

  Hu, Hong ^a   Chua, Zheng Leong ^a   Adrian, Sendroiu ^a   Saxena, Prateek ^a   Liang, Zhenkai ^a  

^a NATIONAL UNIVERSITY OF SINGAPORE   (Singapore)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER OPERATING SYSTEMS; DATA TRANSFER; SYSTEMATIC ERRORS;

AUTOMATIC GENERATION; CONTROL DATA; CONTROL FLOWS; DEFENSE SOLUTIONS; ENCRYPTION KEY; FINE GRAINED; SENSITIVE INFORMATIONS; SYSTEMATIC METHOD;

CRYPTOGRAPHY;

EID: 84987628667     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (44)

1. Endspent(3C). https://docs.oracle.com/cd/ E36784 01/html/E36874/endspent-3c.html.
2. How Effective is ASLR on Linux Systems? http://securityetalii.es/2013/02/03/how-effective- is- aslr- on- linux- systems/.
3. HTTPDX tolog() Function Format String Vulnerability. http://cve.mitre.org/cgi- bin/cvename.cgi? name=CVE- 2009- 4769.
4. Nginx HTTP Server 1.3.9-1.4.0 Chunked Encoding Stack Buffer Overflow. http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html.
5. OrzHTTPd. https://code.google.com/p/orzhttpd/.
6. Subverting without EIP. http://mallocat.com/ subverting- without- eip/.
7. The Heartbleed Bug. http://heartbleed.com/.
8. Visual Studio 2015 Preview: Work-in-Progress Security Feature. http://blogs.msdn.com/b/vcblog/archive/2014/12/08/visual-studio-2015-preview-work-in-progress-security-feature.aspx.
9. Sudo Format String Vulnerability. http://www.sudo.ws/sudo/alerts/sudo debug.html, 2012.
10. ABADI, M., BUDIU, M., ERLINGSSON, U., AND LIGATTI, J. Control-flow Integrity. In Proceedings of the 12th ACM Conference on Computer and Communications Security (2005).
11. AKRITIDIS, P. Cling: A Memory Allocator to Mitigate Dangling Pointers. In Proceedings of the 19th USENIX Security Symposium (2010).
12. ANDERSEN, S., AND ABELLA, V. Changes to Functionality in Microsoft Windows XP Service Pack 2, Part 3: Memory protection technologies, Data Execution Prevention. Microsoft TechNet Library, September 2004.
13. AVGERINOS, T., CHA, S. K., HAO, B. L. T., AND BRUMLEY, D. AEG: Automatic Exploit Generation. In Proceedings of the 18th Annual Network and Distributed System Security Symposium (2011).
14. BACKES, M., HOLZ, T., KOLLENDA, B., KOPPE, P., NÜRNBERGER, S., AND PEWNY, J. You Can Run but You Can’t Read: Preventing Disclosure Exploits in Executable Code. In Proceedings of the 21st ACM Conference on Computer and Communications Security (2014).
15. BHATKAR, S., DUVARNEY, D. C., AND SEKAR, R. Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits. In Proceedings of the 12th USENIX Security Symposium (2003).
16. BRUMLEY, D., JAGER, I., AVGERINOS, T., AND SCHWARTZ, E. J. BAP: A Binary Analysis Platform. In Proceedings of the 23rd International Conference on Computer Aided Verification (2011).
17. BRUMLEY, D., POOSANKAM, P., SONG, D., AND ZHENG, J. Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications. In Proceedings of the 29th IEEE Symposium on Security and Privacy (2008).
18. CASTRO, M., COSTA, M., AND HARRIS, T. Securing Software by Enforcing Data-Flow Integrity. In Proceedings of the 7th Symposium on Operating Systems Design and Implementation (2006).
19. CHEN, S., XU, J., SEZER, E. C., GAURIAR, P., AND IYER, R. K. Non-Control-Data Attacks Are Realistic Threats. In Proceedings of the 14th USENIX Security Symposium (2005).
20. CHOW, J., PFAFF, B., GARFINKEL, T., AND ROSENBLUM, M. Shredding Your Garbage: Reducing Data Lifetime Through Secure Deallocation. In Proceedings of the 14th USENIX Security Symposium (2005).
21. CRISWELL, J., DAUTENHAHN, N., AND ADVE, V. KCoFI: Complete Control-Flow Integrity for Commodity Operating System Kernels. In Proceedings of the 35th IEEE Symposium on Security and Privacy (2014).
22. DE MOURA, L., AND BJØRNER, N. Z3: An Efficient SMT Solver. In Proceedings of the Theory and Practice of Software, 14th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (2008).
23. ENCK, W., GILBERT, P., CHUN, B.-G., COX, L. P., JUNG, J., MCDANIEL, P., AND SHETH, A. N. TaintDroid: An Information-flow Tracking System for Realtime Privacy Monitoring on Smartphones. In Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation (2010).
24. FELMETSGER, V., CAVEDON, L., KRUEGEL, C., AND VIGNA, G. Toward Automated Detection of Logic Vulnerabilities in Web Applications. In Proceedings of the 19th USENIX Security Symposium (2010).
25. GODEFROID, P., LEVIN, M. Y., AND MOLNAR, D. A. Automated whitebox fuzz testing. In Proceedings of the 15th Annual Network and Distributed System Security Symposium (2008), Internet Society.
26. GODEFROID, P., AND TALY, A. Automated Synthesis of Symbolic Instruction Encodings from I/O Samples. In Proceedings of the 33rd ACM SIGPLAN Conference on Programming Language Design and Implementation (2012).
27. JIM, T., MORRISETT, J. G., GROSSMAN, D., HICKS, M. W., CHENEY, J., AND WANG, Y. Cyclone: A Safe Dialect of C. In Proceedings of the USENIX Annual Technical Conference (2002).
28. LUK, C.-K., COHN, R., MUTH, R., PATIL, H., KLAUSER, A., LOWNEY, G., WALLACE, S., REDDI, V. J., AND HAZELWOOD, K. Pin: Building Customized Program Analysis Tools with Dynamic Instrumentation. In Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation (2005).
29. NAGARAKATTE, S., ZHAO, J., MARTIN, M. M., AND ZDANCEWIC, S. SoftBound: Highly Compatible and Complete Spatial Memory Safety for C. In Proceedings of the 30th ACM SIG-PLAN Conference on Programming Language Design and Implementation (2009).
30. NAGARAKATTE, S., ZHAO, J., MARTIN, M. M., AND ZDANCEWIC, S. CETS: Compiler Enforced Temporal Safety for C. In Proceedings of the 9th International Symposium on Memory Management (2010).
31. NECULA, G. C., MCPEAK, S., AND WEIMER, W. CCured: Type-safe Retrofitting of Legacy Code. In Proceedings of the 29th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (2002).
32. NIU, B., AND TAN, G. Modular Control-flow Integrity. In Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation (2014).
33. PAX TEAM. PaX Address Space Layout Randomization (ASLR). http://pax.grsecurity.net/docs/aslr. txt, 2003.
34. PAYER, M., AND GROSS, T. R. String Oriented Programming: When ASLR is Not Enough. In Proceedings of the 2nd ACM SIGPLAN Program Protection and Reverse Engineering Workshop (2013).
35. SERNA, F. J. The Info Leak Era on Software Exploitation. Black Hat USA (2012).
36. TICE, C., ROEDER, T., COLLINGBOURNE, P., CHECKOWAY, S., ERLINGSSON, U., LOZANO, L., AND PIKE, G. Enforcing Forward-edge Control-flow Integrity in GCC & LLVM. In Proceedings of the 23rd USENIX Security Symposium (2014).
37. UBUNTU. List of Programs Built with PIE, May 2012. https://wiki.ubuntu.com/Security/Features#pie.
38. WANG, Z., AND JIANG, X. HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity. In Proceedings of the 31st IEEE Symposium on Security and Privacy (2010).
39. XU, W., BHATKAR, S., AND SEKAR, R. Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks. In Proceedings of the 15th USENIX Security Symposium (2006).
40. YIP, A., WANG, X., ZELDOVICH, N., AND KAASHOEK, M. F. Improving Application Security with Data Flow Assertions. In Proceedings of the ACM SIGOPS 22nd Symposium on Operating Systems Principles (2009).
41. ZENG, B., TAN, G., AND ERLINGSSON, U. Strato: A Retargetable Framework for Low-level Inlined-reference Monitors. In Proceedings of the 22nd USENIX Security Symposium (2013).
42. ZENG, B., TAN, G., AND MORRISETT, G. Combining Control-Flow Integrity and Static Analysis for Efficient and Validated Data Sandboxing. In Proceedings of the 18th ACM conference on Computer and Communications Security (2011).
43. ZHANG, C., WEI, T., CHEN, Z., DUAN, L., SZEKERES, L., MCCAMANT, S., SONG, D., AND ZOU, W. Practical Control Flow Integrity and Randomization for Binary Executables. In Proceedings of the 34th IEEE Symposium on Security and Privacy (2013).
44. ZHANG, M., AND SEKAR, R. Control Flow Integrity for COTS Binaries. In Proceedings of the 22nd USENIX Security Symposium (2013).