Building Secure Defenses Against Code-Reuse Attacks

This book provides an in-depth look at return-oriented programming attacks. It explores several conventional return-oriented programming attacks and analyzes the effectiveness of defense techniques including address space layout randomization (ASLR)

  • PDF / 1,740,049 Bytes
  • 83 Pages / 439.42 x 666.14 pts Page_size
  • 5 Downloads / 215 Views

DOWNLOAD

REPORT


Lucas Davi Ahmad-Reza Sadeghi

Building Secure Defenses Against Code-Reuse Attacks

123

SpringerBriefs in Computer Science

Series Editors Stan Zdonik Shashi Shekhar Jonathan Katz Xindong Wu Lakhmi C. Jain David Padua Xuemin (Sherman) Shen Borko Furht V.S. Subrahmanian Martial Hebert Katsushi Ikeuchi Bruno Siciliano Sushil Jajodia Newton Lee

More information about this series at http://www.springer.com/series/10028

Lucas Davi • Ahmad-Reza Sadeghi

Building Secure Defenses Against Code-Reuse Attacks

123

Lucas Davi CASED Technische Universität Darmstadt Darmstadt, Germany

Ahmad-Reza Sadeghi CASED Technische Universität Darmstadt Darmstadt, Germany

ISSN 2191-5768 ISSN 2191-5776 (electronic) SpringerBriefs in Computer Science ISBN 978-3-319-25544-6 ISBN 978-3-319-25546-0 (eBook) DOI 10.1007/978-3-319-25546-0 Library of Congress Control Number: 2015958780 Springer Cham Heidelberg New York Dordrecht London © The Author(s) 2015 This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made. Printed on acid-free paper Springer International Publishing AG Switzerland is part of Springer Science+Business Media (www. springer.com)

Foreword

Exploitation of memory corruption vulnerabilities in widely used software has been a threat for almost three decades, and no end seems to be in sight. In particular, code-reuse techniques such as return-oriented programming are extensively used to exploit memory corruption vulnerabilities in modern software programs, e.g. web browsers, document viewers, or zero-day issues in large-scale cyberattacks such as Stuxnet. Whereas conventional runtime exploits require the injection of malicious code, code-reuse attacks leverage benign code that is already present in the address space of an application to undermine the security model of data execution prevention (DEP). In addition, code-reuse attacks in conjunction with memory disclosure attack techniques circumvent the widely applied memory protection model of address space layout randomization (ASLR). To coun