Fine-Grained Address Space Layout Randomization on Program Load (original) (raw)

REFERENCES

  1. CVE Details website: Vulnerabilities by date. http:// www.cvedetails.com/browse-by-date.php
  2. Roemer, R., Bbuchanan, E., Shacham, H., and Savage, S., “Return-oriented programming: Systems, languages, and applications,” ACM Trans. Inf. Syst. Secur. 2012, vol. 15, no. 1, pp. 2–34. https://doi.acm.org/ 10.1145/2133375.2133377
    Article Google Scholar
  3. Sadeghi, A., Niksefat, S., and Rostamipour, M., “Pure-Call oriented programming (PCOP): Chaining the gadgets using call instructions,” J. Comput. Virology Hacking Techniques, 2017, no. 434, pp. 1–18. https:// doi.org/ doi 10.1007/s11416-017-0299-1
  4. Bletsch, T., Jiang, X., Freeh, V., Liang, W., and Liang, Zh., “Jump-oriented programming: A new class of code-reuse attack,” Proc. of the 6th ACM Symposium on Information, Computer and Communications Security,” 2011, pp. 30–40. https://doi.acm.org/10.1145/1966913\. 1966919
    Google Scholar
  5. Hu, H., Shinde, Sh., Adrian, S., Chua, Z.L., Saxena, P., and Liang, Zh., “Data-Oriented programming: On the expressiveness of non-control data attacks,” IEEE Symposium on Security and Privacy (SP), 2016,pp. 969–986. https://doi.org/ doi 10.1109/SP.2016.6210.1109/ SP.2016.62
  6. Shacham, H., “The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86),” in Proc. of the 14th ACM Conf. on Computer and communications security, 2007, pp. 552–561. https:// doi.org/doi10.1145/1315245.131531310.1145/1315245. 1315313
  7. Bittau, A., Belay, A., Mashtizadeh, A., et al., “Hacking blind,” in Proc. of the 2014 IEEE Symposium on Security and Privacy, 2014, pp. 227–242. https://dx.doi.org/ doi 10.1109/SP.2014.2210.1109/SP.2014.22
  8. Abadi, M., Budiu, M., Erlingsson, U., and Ligatti, J., “Control-flow integrity principles, implementations, and applications,” ACM Trans. Inf. Syst. Secur., 2009, vol. 13, no. 1, pp. 4–40. https://doi.acm.org/10.1145/ 1609956.1609960
    Article Google Scholar
  9. Mashtizadeh, A.J., Bittau, A., Boneh, D., and Mazieres, D., “Ccfi: Cryptographically enforced control flow integrity,” in Proc. of the Sixth ACM SIGSAC Conference on Computer and Communications Security, 2015, pp. 941–951. https://doi.acm.org/10.1145/ 2810103. 2813676
  10. Christoulakis, N., Christou, G., Athanasopoulos, E., Ioannidis, S., “Hcfi: Hardware-enforced control-flow integrity,” in Proc. of the Sixth ACM Conference on Data and Application Security and Privacy, 2016, pp. 38–49. https://doi.acm.org/10.1145/2857705.2857722
  11. Carlini, N., Barresi, A., Payer, M., et al., “Control-flow bending: On the effectiveness of control-flow integrity,” in Proc. of the 24th USENIX Conference on Security Symposium, 2015, pp. 161–176. http://dl.acm. org/citation.cfm?id(31143.2831154
  12. Lu, K., Nürnberger, S., Backes, M., and Lee, W., “How to make ASLR win the clone wars: Runtime re-randomization,” 23nd Annual Network and Distributed System Security Symposium, 2016.
  13. Nurmukhametov, A., Kurmangaleev, Sh., Kaushan, V., and Gaissaryan, S., “Application of compiler transformations against software vulnerabilities exploitation,” Program. Comput. Software, 2015, vol. 41, no. 4, pp. 231–236. https://doi.org/ doi 10.1134/ S0361768815040052
    Article Google Scholar
  14. Gupta, S., Kerr, M., Kirkpatrick, E., and Bertino, E., “Marlin: A fine grained randomization approach to defend against ROP attacks,” in Proc. of the 7th Int. Conf. on Network and System Security, 2013.
  15. Conti, M., Crane, S., Frassetto, T., et al., “Selfrando: Securing the Tor browser against de-anonymization exploits,” PoPETs, 2016, no. 4, pp. 454–469. http://dx. doi.org/. doi 10.1515/popets-2016-0050
  16. Davi, L., Dmitrienko, A., Nürnberger, S., and Sadeghi, A., “Gadge me if you can: Secure and efficient ad-hoc instruction-level randomization for x86 and AR,” in Proc. of the 8th ACM Symposium on Information, Computer and Communications Security, 2013.
  17. Backes, M. and Nurberger, S., “Oxymoron: Making fine-grained memory randomization practical by allowing code sharing,” in Proc. of the 23rd USENIX Security Symposium, 2014, pp. 433–447.
  18. Crane, S., and Homescu, A., and Larsen, P., “Code randomization: Haven’t we solved this problem yet?” Cybersecurity Development (SecDev), IEEE, 2016.
    Google Scholar
  19. Bigelow, D., Hobson, T., Rudd, R., et al. “Timely rerandomization for mitigating memory disclosures,” in Proc. of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015, pp. 268–279. http://doi.acm.org/10.1145/2810103.2813691.
  20. Williams-King, D., Gobieski, G., Williams-King, K., et al. “Shuffler: Fast and deployable continuous code re-randomization,” in Proc. of the 12th USENIX Conference on Operating Systems Design and Implementation, 2016, pp. 367–382. http://dl.acm.org/citation. cfm?id026877.3026906.
  21. Payer, M., “Too much PIE is bad for performance,” Technical report. http://dx.doi.org/ doi 10.3929/ethz-a-007316742
  22. Coffman, J., Wellons, C., and Christopher, C., “ROP gadget prevalence and survival under compiler-based binary diversification schemes,” in Proc. of the 2016 ACM Workshop on Software Protection, 2016, pp. 15–26.
  23. Vishnyakov, A.V., “Classification of ROP gadgets,” Trudy ISP RAN, 2016, vol. 28, no. 6, pp. 27–36. http:// doi.acm.org/10.1145/2995306.2995309
  24. ROPgadget. https://github.com/JonathanSalwan/ROPgadget

Download references