On the effectiveness of address-space randomization
Proceedings of the 11th ACM conference on Computer and communications security
PointguardTM: protecting pointers from buffer overflow vulnerabilities
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Address obfuscation: an efficient approach to combat a board range of memory error exploits
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)
Proceedings of the 14th ACM conference on Computer and communications security
Surgically Returning to Randomized lib(c)
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Return-oriented programming without returns
Proceedings of the 17th ACM conference on Computer and communications security
| Hi-index | 0.00 |
Code-reuse attacks, including return-oriented programming (ROP) and jump-oriented programming, bypass defenses against code injection by repurposing existing executable code in application binaries and shared libraries toward a malicious end. A common feature of these attacks is the reliance on the knowledge of the layout of the executable code. We propose a fine grained randomization based approach that modifies the layout of executable code and hinders code-reuse attack. Our solution consists solely of a modified dynamic loader that randomizes the internal structure of the executable code, thereby denying the attacker the necessary apriori knowledge for constructing the desired sequence of gadgets. Our approach has the advantage that it can be applied to any ELF binary and every execution of this binary uses a different randomization. We describe the initial implementation of Marlin, a customized loader for randomization of executable code. Our work shows that such an approach is feasible and significantly increases the level of security against code-reuse attacks.