TU Darmstadt / ULB / TUbiblio

Just-In-Time Code Reuse: the More Things Change, the More They Stay the Same

Snow, Kevin and Davi, Lucas and Dmitrienko, Alexandra and Liebchen, Christopher and Monrose, Fabian and Sadeghi, Ahmad-Reza :
Just-In-Time Code Reuse: the More Things Change, the More They Stay the Same.
BlackHat USA
[Conference or Workshop Item] , (2013)

Abstract

Fine-grained address space layout randomization (ASLR) has recently been proposed as a method of efficiently mitigating runtime attacks. In this presentation, we introduce the design and implementation of a framework based on a novel attack strategy, dubbed just-in-time code reuse, which both undermines the benefits of fine-grained ASLR and greatly enhances the ease of exploit development on today's platforms that combine standard ASLR and DEP (e.g. Windows 8). Specifically, we derail the assumptions embodied in fine-grained ASLR by exploiting the ability to repeatedly abuse a memory disclosure to map an application's memory layout on-the-fly, dynamically discover API functions and gadgets, and JIT-compile a target program using those gadgets - all within a script environment at the time an exploit is launched. We demonstrate the power of our framework by using it in conjunction with a real-world exploit against Internet Explorer, show its effectiveness in Windows 8, and also provide extensive evaluations that demonstrate the practicality of just-in-time code reuse attacks. Our findings suggest that fine-grained ASLR may not be as promising as first thought.

Item Type: Conference or Workshop Item
Erschienen: 2013
Creators: Snow, Kevin and Davi, Lucas and Dmitrienko, Alexandra and Liebchen, Christopher and Monrose, Fabian and Sadeghi, Ahmad-Reza
Title: Just-In-Time Code Reuse: the More Things Change, the More They Stay the Same
Language: German
Abstract:

Fine-grained address space layout randomization (ASLR) has recently been proposed as a method of efficiently mitigating runtime attacks. In this presentation, we introduce the design and implementation of a framework based on a novel attack strategy, dubbed just-in-time code reuse, which both undermines the benefits of fine-grained ASLR and greatly enhances the ease of exploit development on today's platforms that combine standard ASLR and DEP (e.g. Windows 8). Specifically, we derail the assumptions embodied in fine-grained ASLR by exploiting the ability to repeatedly abuse a memory disclosure to map an application's memory layout on-the-fly, dynamically discover API functions and gadgets, and JIT-compile a target program using those gadgets - all within a script environment at the time an exploit is launched. We demonstrate the power of our framework by using it in conjunction with a real-world exploit against Internet Explorer, show its effectiveness in Windows 8, and also provide extensive evaluations that demonstrate the practicality of just-in-time code reuse attacks. Our findings suggest that fine-grained ASLR may not be as promising as first thought.

Title of Book: BlackHat USA
Uncontrolled Keywords: ICRI-SC;Secure Things
Divisions: Department of Computer Science
Department of Computer Science > System Security Lab
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Date Deposited: 04 Aug 2016 10:13
Identification Number: TUD-CS-2013-0207
Related URLs:
Export:

Optionen (nur für Redakteure)

View Item View Item