Advancing Memory-corruption Attacks and Defenses

Author: Christopher Liebchen

Keywords: Static program analysis, Page table, Computer security, Computer science, Exploit, Memory virtualization, Code (cryptography), Memory corruption, Compiler, Just-in-time compilation

Abstract: Adversaries exploit software vulnerabilities in modern software to compromise computer systems. While the amount and sophistication of such attacks is constantly increasing, most of them are based on memory-corruption vulnerabilities, a problem that has persisted over the last four decades. The research community has taken on the challenge of providing mitigations against memory-corruption-based attack techniques such as code-injection, code-reuse, and data-only attacks. In a constant arms race, researchers from academia and industry develop new attacks that reveal weaknesses in existing defense techniques and, based on these findings, propose new mitigations with the goal of providing efficient and effective defenses in the presence of vulnerabilities. Along this line of research, this dissertation contributes significantly by challenging recently proposed defenses with more enhanced attacks. Specifically, we present attacks against sophisticated CFI implementations in two premier open-source compilers, and demonstrate conceptual limitations of coarse- and fine-grained CFI. Our first attack exploits a compiler-introduced race-condition vulnerability, which temporarily spills read-only CFI-critical variables to writable memory and, hence, enables an attacker to bypass the check. The second attack modifies the intermediate representation of the JIT compiler in browsers to generate attacker-controlled code. We then turn our attention to attacking randomization-based defenses, bypassing code randomization with advanced memory-disclosure techniques. In particular, an attacker can bypass any code-randomization scheme either by reading the code directly, or indirectly by combining static analysis with a sufficient number of disclosed pointers. Based on the insights we gain through these attacks, we design and implement a leakage-resilient randomization scheme that defeats code-reuse attacks by using execute-only memory to mitigate memory disclosure. Since x86 does not natively support execute-only memory, we leverage virtualization to enable it for server and desktop systems. Moreover, since embedded systems do not offer virtualization, we show how to overcome this limitation by implementing a software-based extension for ARM-based systems. Lastly, we show that execute-only memory can also be deployed by means of the page table.
