Snow, Kevin ; Davi, Lucas ; Dmitrienko, Alexandra ; Liebchen, Christopher ; Monrose, Fabian ; Sadeghi, Ahmad-Reza (2013)
Just-In-Time Code Reuse: the More Things Change, the More They Stay the Same.
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
Fine-grained address space layout randomization (ASLR) has recently been proposed as a method of efficiently mitigating runtime attacks. In this presentation, we introduce the design and implementation of a framework based on a novel attack strategy, dubbed just-in-time code reuse, which both undermines the benefits of fine-grained ASLR and greatly enhances the ease of exploit development on today's platforms that combine standard ASLR and DEP (e.g. Windows 8). Specifically, we derail the assumptions embodied in fine-grained ASLR by exploiting the ability to repeatedly abuse a memory disclosure to map an application's memory layout on-the-fly, dynamically discover API functions and gadgets, and JIT-compile a target program using those gadgets - all within a script environment at the time an exploit is launched. We demonstrate the power of our framework by using it in conjunction with a real-world exploit against Internet Explorer, show its effectiveness in Windows 8, and also provide extensive evaluations that demonstrate the practicality of just-in-time code reuse attacks. Our findings suggest that fine-grained ASLR may not be as promising as first thought.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2013 |
| Autor(en): | Snow, Kevin ; Davi, Lucas ; Dmitrienko, Alexandra ; Liebchen, Christopher ; Monrose, Fabian ; Sadeghi, Ahmad-Reza |
| Art des Eintrags: | Bibliographie |
| Titel: | Just-In-Time Code Reuse: the More Things Change, the More They Stay the Same |
| Sprache: | Deutsch |
| Publikationsjahr: | August 2013 |
| Buchtitel: | BlackHat USA |
| Zugehörige Links: | |
| Kurzbeschreibung (Abstract): | Fine-grained address space layout randomization (ASLR) has recently been proposed as a method of efficiently mitigating runtime attacks. In this presentation, we introduce the design and implementation of a framework based on a novel attack strategy, dubbed just-in-time code reuse, which both undermines the benefits of fine-grained ASLR and greatly enhances the ease of exploit development on today's platforms that combine standard ASLR and DEP (e.g. Windows 8). Specifically, we derail the assumptions embodied in fine-grained ASLR by exploiting the ability to repeatedly abuse a memory disclosure to map an application's memory layout on-the-fly, dynamically discover API functions and gadgets, and JIT-compile a target program using those gadgets - all within a script environment at the time an exploit is launched. We demonstrate the power of our framework by using it in conjunction with a real-world exploit against Internet Explorer, show its effectiveness in Windows 8, and also provide extensive evaluations that demonstrate the practicality of just-in-time code reuse attacks. Our findings suggest that fine-grained ASLR may not be as promising as first thought. |
| Freie Schlagworte: | ICRI-SC;Secure Things |
| ID-Nummer: | TUD-CS-2013-0207 |
| Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Systemsicherheit Profilbereiche Profilbereiche > Cybersicherheit (CYSEC) LOEWE LOEWE > LOEWE-Zentren LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt |
| Hinterlegungsdatum: | 04 Aug 2016 10:13 |
| Letzte Änderung: | 03 Jun 2018 21:31 |
| PPN: | |
| Zugehörige Links: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum