TU Darmstadt / ULB / TUbiblio

XIFER: A Software Diversity Tool Against Code-Reuse Attacks

Davi, Lucas ; Dmitrienko, Alexandra ; Nürnberger, Stefan ; Sadeghi, Ahmad-Reza (2012)
XIFER: A Software Diversity Tool Against Code-Reuse Attacks.
Conference or Workshop Item, Bibliographie

Abstract

The enormous growth of mobile devices and their app markets has raised many security and privacy concerns. Runtime attacks seem to be a major threat, in particular, code-reuse attacks that do not require any external code injection (e.g., return-to-libc or return-oriented programming).

We present, for the first time, a code transformation tool that completely mitigates code-reuse attacks by applying software diversity to the binary at runtime. Our tool XIFER (1) randomly diversifies the code of an application over the entire memory for each invocation, (2) requires no source code or any static analysis, (3) can be applied to both Intel x86 and ARM Linux executables, and (4) induces a negligible runtime overhead of only 1% in average.

Item Type: Conference or Workshop Item
Erschienen: 2012
Creators: Davi, Lucas ; Dmitrienko, Alexandra ; Nürnberger, Stefan ; Sadeghi, Ahmad-Reza
Type of entry: Bibliographie
Title: XIFER: A Software Diversity Tool Against Code-Reuse Attacks
Language: German
Date: August 2012
Book Title: 4th ACM International Workshop on Wireless of the Students, by the Students, for the Students (S3 2012)
Corresponding Links:
Abstract:

The enormous growth of mobile devices and their app markets has raised many security and privacy concerns. Runtime attacks seem to be a major threat, in particular, code-reuse attacks that do not require any external code injection (e.g., return-to-libc or return-oriented programming).

We present, for the first time, a code transformation tool that completely mitigates code-reuse attacks by applying software diversity to the binary at runtime. Our tool XIFER (1) randomly diversifies the code of an application over the entire memory for each invocation, (2) requires no source code or any static analysis, (3) can be applied to both Intel x86 and ARM Linux executables, and (4) induces a negligible runtime overhead of only 1% in average.

Uncontrolled Keywords: Secure Things;Secure Models
Identification Number: TUD-CS-2012-0135
Divisions: 20 Department of Computer Science
20 Department of Computer Science > System Security Lab
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
20 Department of Computer Science > EC SPRIDE
Date Deposited: 04 Aug 2016 10:13
Last Modified: 03 Jun 2018 21:31
PPN:
Corresponding Links:
Export:
Suche nach Titel in: TUfind oder in Google
Send an inquiry Send an inquiry

Options (only for editors)
Show editorial Details Show editorial Details