Publikationen
Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization (Best Student Paper Award)
| Autor | Snow, Kevin; Davi, Lucas; Dmitrienko, Alexandra; Liebchen, Christopher; Monrose, Fabian; Sadeghi, Ahmad-Reza |
|---|---|
| Datum | 2013 |
| Art | Conference Proceedings |
| Abstrakt | Fine-grained address space layout randomization (ASLR) has recently been proposed as a method of efficiently mitigating runtime attacks. In this paper, we introduce the design and implementation of a framework based on a novel attack strategy, dubbed just-in-time code reuse, that undermines the benefits of fine-grained ASLR. Specifically, we derail the assumptions embodied in fine-grained ASLR by exploiting the ability to repeatedly abuse a memory disclosure to map an application's memory layout on-the-fly, dynamically discover API functions and gadgets, and JIT-compile a target program using those gadgets - all within a script environment at the time an exploit is launched. We demonstrate the power of our framework by using it in conjunction with a real-world exploit against Internet Explorer, and also provide extensive evaluations that demonstrate the practicality of just-in-time code reuse attacks. Our findings suggest that fine-grained ASLR may not be as promising as first thought. |
| In | 34th IEEE Symposium on Security and Privacy (Oakland 2013) |
| Schlüssel | TUD-CS-2013-0026 |
| Url | https://tubiblio.ulb.tu-darmstadt.de/id/eprint/104281 |
Aus- und Weiterbildung
Informieren Sie sich über die Aus- und Weiterbildungsangebote der in ATHENE mitwirkenden Institutionen