2018
DOI: 10.1186/s42400-018-0003-x
|View full text |Cite
|
Sign up to set email alerts
|

Feedback control can make data structure layout randomization more cost-effective under zero-day attacks

Abstract: In the wake of the research community gaining deep understanding about control-hijacking attacks, data-oriented attacks have emerged. Among data-oriented attacks, data structure manipulation attack (DSMA) is a major category.Pioneering research was conducted and shows that DSMA is able to circumvent the most effective defenses against control-hijacking attacks -DEP, ASLR and CFI. Up to this day, only two defense techniques have demonstrated their effectiveness: Data Flow Integrity (DFI) and Data Structure Layo… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1

Citation Types

0
1
0

Year Published

2018
2018
2020
2020

Publication Types

Select...
2
1
1

Relationship

1
3

Authors

Journals

citations
Cited by 4 publications
(1 citation statement)
references
References 9 publications
0
1
0
Order By: Relevance
“…For example, Bigelow et al [5] randomize the memory address layout of the programs in individual hosts to make vulnerabilities more difficult to be exploited. In addition, Chen et al [6] and Xin et al [49] randomize the layout of data structures to prevent attacks from correctly locating target data objects and further manipulating them. For computer networks, diversity is a widely used technique that equips computers with randomized implementations of software, operating systems, or hardware platforms to force attackers to target each computer individually, substantially raising the bar on network-level threats.…”
Section: Related Workmentioning
confidence: 99%
“…For example, Bigelow et al [5] randomize the memory address layout of the programs in individual hosts to make vulnerabilities more difficult to be exploited. In addition, Chen et al [6] and Xin et al [49] randomize the layout of data structures to prevent attacks from correctly locating target data objects and further manipulating them. For computer networks, diversity is a widely used technique that equips computers with randomized implementations of software, operating systems, or hardware platforms to force attackers to target each computer individually, substantially raising the bar on network-level threats.…”
Section: Related Workmentioning
confidence: 99%