AVRAND: A Software-Based Defense Against Code Reuse Attacks for AVR Embedded Devices
作者: Sergio Pastrana , Juan E. Tapiador , Guillermo Suarez-Tangil , Peris-Lopez , Pedro
DOI: 10.1007/978-3-319-40667-1_4
关键词:
摘要: Code reuse attacks are advanced exploitation techniques that constitute a serious threat for modern systems. They profit from control flow hijacking vulnerability to maliciously execute one or more pieces of code the targeted application. ASLR and Control Flow Integrity two mechanisms commonly used deter automated based on reuse. Unfortunately, none these solutions suitable modified Harvard architectures such as AVR microcontrollers. In this work, we present attack against embedded devices shows how an adversary can arbitrary reused firmware other external libraries. We then propose software-based defense fine-grained random permutations memory. Our solution is installed in bootloader section device thus executes during every reset. also self-obfuscation technique hinder code-reuse bootloader.
springer.com
core.ac.uk 
sci-hub.st 参考文章(22)
Javid Habibi, Aditi Gupta, Stephen Carlsony, Ajay Panicker, Elisa Bertino, MAVR: Code Reuse Stealthy Attacks and Mitigation on Unmanned Aerial Vehicles international conference on distributed computing systems. pp. 642- 652 ,(2015) , 10.1109/ICDCS.2015.71
Daniel C. DuVarney, Sandeep Bhatkar, R. Sekar, Address obfuscation: an efficient approach to combat a board range of memory error exploits usenix security symposium. pp. 8- 8 ,(2003)
Kevin W. Hamlen, Vishwath Mohan, Frankenstein: stitching malware from benign binaries WOOT'12 Proceedings of the 6th USENIX conference on Offensive Technologies. pp. 8- 8 ,(2012)
Stephen Crane, Christopher Liebchen, Andrei Homescu, Lucas Davi, Per Larsen, Ahmad-Reza Sadeghi, Stefan Brunthaler, Michael Franz, Readactor: Practical Code Randomization Resilient to Memory Disclosure 2015 IEEE Symposium on Security and Privacy. pp. 763- 780 ,(2015) , 10.1109/SP.2015.52
Stefan Nürnberger, Michael Backes, Oxymoron: making fine-grained memory randomization practical by allowing code sharing usenix security symposium. pp. 433- 447 ,(2014)
K. Z. Snow, F. Monrose, L. Davi, A. Dmitrienko, C. Liebchen, A. Sadeghi, Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization ieee symposium on security and privacy. pp. 574- 588 ,(2013) , 10.1109/SP.2013.45
Lucas Davi, Christopher Liebchen, Ahmad-Reza Sadeghi, Kevin Z. Snow, Fabian Monrose, Isomeron: Code Randomization Resilient to (Just-In-Time) Return-Oriented Programming network and distributed system security symposium. ,(2015) , 10.14722/NDSS.2015.23262
Vishwath Mohan, Per Larsen, Stefan Brunthaler, Kevin W. Hamlen, Michael Franz, Opaque Control-Flow Integrity network and distributed system security symposium. ,(2015) , 10.14722/NDSS.2015.23271
Ahmad-Reza Sadeghi, Christian Wachsmann, Michael Waidner, Security and privacy challenges in industrial internet of things design automation conference. ,vol. 17, pp. 54- ,(2015) , 10.1145/2744769.2747942
Adrian Tang, Simha Sethumadhavan, Salvatore Stolfo, Heisenbyte: Thwarting Memory Disclosure Attacks using Destructive Code Reads computer and communications security. pp. 256- 267 ,(2015) , 10.1145/2810103.2813685