We present new techniques that allow a return-into-libc attack that calls no functions at all to be mounted on x86 executables. Our attack combines a large number of short instruction sequences to build gadgets that allow arbitrary computation. We show how to discover such instruction sequences by means of static analysis. We make use, in an essential way, of the properties of the x86 instruction set.