Linkers and Loaders
Building Diverse Computer Systems
HOTOS '97 Proceedings of the 6th Workshop on Hot Topics in Operating Systems (HotOS-VI)
Non-control-data attacks are realistic threats
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)
Proceedings of the 14th ACM conference on Computer and communications security
Return-oriented rootkits: bypassing kernel code integrity protection mechanisms
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
A framework for automated architecture-independent gadget search
WOOT'10 Proceedings of the 4th USENIX conference on Offensive technologies
Exploiting the hard-working DWARF: trojan and exploit techniques with no native executable code
WOOT'11 Proceedings of the 5th USENIX conference on Offensive technologies
Return-Oriented Programming: Systems, Languages, and Applications
ACM Transactions on Information and System Security (TISSEC) - Special Issue on Computer and Communications Security
| Hi-index | 0.00 |
Although software exploitation historically started as an exercise in coaxing the target's execution into attacker-supplied binary shellcode, it soon became a practical study in pushing the limits of unexpected computation that could be caused by crafted data not containing any native code. We show how the ABI metadata that drives the creation of a process' runtime can also drive arbitrary computation. We introduce our design and implementation of Cobbler, a proof-of-concept toolkit capable of compiling a Turing-complete language into well-formed ELF executable metadata that get "executed" by the runtime loader (RTLD). Our proof-of-concept toolkit highlights how important it is that defenders expand their focus beyond the code and data sections of untrusted binaries, both in static analysis and in the dynamic analysis of the early runtime setup stages as well as any time the RTLD is invoked.