The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later
作者: Victor van der Veen , Dennis Andriesse , Manolis Stamatogiannakis , Xi Chen , Herbert Bos
关键词: Computer science 、 Simple (philosophy) 、 Exploit 、 Code reuse 、 Computer security 、 Static analysis 、 Taint checking 、 Return-oriented programming 、 Subroutine 、 Binary code
摘要: … Our attacker seeks to locate gadgets and mount codereuse attacks, even in the face of state-of-the-art defenses such as Control-Flow Integrity (CFI) [66–68], leakage-resistant …
narcis.nl
acm.org参考文章(69)
Michalis Polychronakis, Angelos D. Keromytis, Vasilis Pappas, Transparent ROP exploit mitigation using indirect branch tracing usenix security symposium. pp. 447- 462 ,(2013)
Zheng Leong Chua, Zhenkai Liang, Prateek Saxena, Hong Hu, Sendroiu Adrian, Automatic generation of data-oriented exploits usenix security symposium. pp. 177- 192 ,(2015)
Felix Schuster, Thomas Tendyck, Christopher Liebchen, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz, Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications 2015 IEEE Symposium on Security and Privacy. pp. 745- 762 ,(2015) , 10.1109/SP.2015.51
Michalis Polychronakis, Georgios Portokalidis, Enes Göktaş, Elias Athanasopoulos, Herbert Bos, Size does matter: why using gadget-chain length to prevent code-reuse attacks is hard usenix security symposium. pp. 417- 432 ,(2014)
Daniel C. DuVarney, Sandeep Bhatkar, R. Sekar, Address obfuscation: an efficient approach to combat a board range of memory error exploits usenix security symposium. pp. 8- 8 ,(2003)
Isaac Evans, Sam Fingeret, Julian Gonzalez, Ulziibayar Otgonbaatar, Tiffany Tang, Howard Shrobe, Stelios Sidiroglou-Douskos, Martin Rinard, Hamed Okhravi, Missing the Point(er): On the Effectiveness of Code Pointer Integrity 2015 IEEE Symposium on Security and Privacy. ,vol. 2015, pp. 781- 796 ,(2015) , 10.1109/SP.2015.53
Daniel C. DuVarney, Sandeep Bhatkar, R. Sekar, Efficient techniques for comprehensive protection from memory error exploits usenix security symposium. pp. 17- 17 ,(2005)
Stephen Crane, Christopher Liebchen, Andrei Homescu, Lucas Davi, Per Larsen, Ahmad-Reza Sadeghi, Stefan Brunthaler, Michael Franz, Readactor: Practical Code Randomization Resilient to Memory Disclosure 2015 IEEE Symposium on Security and Privacy. pp. 763- 780 ,(2015) , 10.1109/SP.2015.52
Fabian Monrose, Lucas Davi, Daniel Lehmann, Ahmad-Reza Sadeghi, Stitching the gadgets: on the ineffectiveness of coarse-grained control-flow integrity protection usenix security symposium. pp. 401- 416 ,(2014)
Stefan Nürnberger, Michael Backes, Oxymoron: making fine-grained memory randomization practical by allowing code sharing usenix security symposium. pp. 433- 447 ,(2014)