Launching Return-Oriented Programming Attacks against Randomized Relocatable Executables

Since the day it was proposed, return-oriented programming has been shown to be an effective and powerful attack technique against the write or execute only (W ⊕ X) protection. However, a general belief in previous research is that systems deployed with address space randomization where the executables a...

Bibliographic Details
Main Authors: LIU, Limin, Han, JIN, GAO, Debin, JING, Jiwu, ZHA, Daren
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2011
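Subjects: address space randomization; position independent executable; return-oriented programming; Information Security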
Online Access: https://ink.library.smu.edu.sg/sis_research/2007
https://ink.library.smu.edu.sg/context/sis_research/article/3006/viewcontent/trustcom11.pdf
Institution: Singapore Management University
id sg-smu-ink.sis_research-3006
record_format dspace
spelling sg-smu-ink.sis_research-3006 2014-02-04T11:54:04Z
2011-11-16T08:00:00Z text application/pdf
info:doi/10.1109/TrustCom.2011.9
http://creativecommons.org/licenses/by-nc-nd/4.0/
Research Collection School Of Computing and Information Systems
eng
building SMU Libraries
continent Asia
country Singapore
content_provider SMU Libraries
collection InK@SMU
topic address space randomization
position independent executable
return-oriented programming
Information Security
description Since the day it was proposed, return-oriented programming has been shown to be an effective and powerful attack technique against the write or execute only (W ⊕ X) protection. However, a general belief in previous research is that systems deployed with address space randomization where the executables are also randomized at run-time are able to defend against return-oriented programming, as the addresses of all instructions are randomized. In this paper, we show that due to the weakness of current address space randomization technique, there are still ways of launching return-oriented programming attacks against those well-protected systems efficiently. We demonstrate and evaluate our attacks with existing typical web server applications and discuss possible methods of mitigating such threats.