Protecting the kernel of an operating system against attacks, especially injection of malicious code, is an important factor for implementing secure operating systems. Several kernel integrity protection mechanisms were proposed recently that all have a particular shortcoming: they cannot protect against attacks in which the attacker re-uses existing code within the kernel to perform malicious computations. In this paper, we present the design and implementation of a system that fully automates the process of constructing instruction sequences that can be used by an attacker for malicious computations. We evaluate the system on different commodity operating systems and show the portability and universality of our approach. Finally, we describe the implementation of a practical attack that can bypass existing kernel integrity protection mechanisms.