Protecting against address space layout randomisation (ASLR) compromises and return-to-libc attacks using network intrusion detection systems

Day, David; Zhao, Zhen

doi:10.1007/s11633-011-0606-0

Cited by 10 publications

(4 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We propose extending this to restrict all execution out of RAM regardless of the safety level of the corresponding application. While this does not prevent all stack based attacks as is the case with a return-to-libc attack [14], it does raise the difficulty level for mounting attacks on embedded systems. An attacker who attempts to violate this rule will immediately cause a CPU exception which can reset the system to restore it to a known secure state.…”

Section: Ram Execution Preventionmentioning

confidence: 99%

An Approach for Building Security Resilience in AUTOSAR Based Safety Critical Systems

Nasser

Muralidharan

2017

JCSM

View full text Add to dashboard Cite

AUTOSAR, a worldwide development partnership among automotive parties to establish an open and standardized software architecture for electronic control units (ECUs), has seen great success in recent years by being widely adopted in deeply embedded automotive ECUs. Increasing the security resilience of AUTOSAR based systems is a crucial step in securing safety critical automotive systems. We study AUTOSAR safety mechanisms and demonstrate how they can be used as attack vectors to degrade the vehicle safety. We show the need to harmonize the fail-safe response with the secure state of the system. And we evaluate the overlap in the properties of safety mechanisms with security objectives to highlight methods for hardening automotive systems security.

show abstract

Section: Ram Execution Preventionmentioning

confidence: 99%

An Approach for Building Security Resilience in AUTOSAR Based Safety Critical Systems

Nasser

Muralidharan

2017

JCSM

View full text Add to dashboard Cite

show abstract

“…In this paper, ASLR refers to randomizing the start address of dynamically linked library, which usually means randomization of default settings. Currently, modern operating systems use W⊕X and ASLR together to prevent control-flow hijacking [20]. This is also two system protections that are mainly bypassed in this paper.…”

Section: B W⊕x and Aslrmentioning

confidence: 99%

ARG: Automatic ROP Chains Generation

et al. 2019

View full text Add to dashboard Cite

Return Oriented Programming (ROP) chains attack has been widely used to bypass Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) protection. However, the generation technology for ROP chains is still in a state of manual coding. While, current techniques for automatically generating ROP chains are still insufficiently researched and have few successful applications. On the other hand, the existing methods are based on using Intermediate Language (IL) which is in order to translate the semantics of original instructions for symbolic execution, and then fill in a predefined gadget arrangement to automatically construct a gadget list. This kind of methods may bring following problems:(1) when converting semantics of original to IL, there is a large amount of overhead time, critical instructions may be discarded; (2) the process of populating a predetermined gadget arrangement is inflexible and may fail to construct ROP chains due to address mismatching. In this paper, we propose the Automatic ROP chains Generation (ARG) which is the first fully automatic ROP chains generation tool without using IL. Tested with data from 6 open-source international Capture The Flag (CTF) competitions and 3 Common Vulnerabilities & Exposures (CVE)s, this technology successfully generated ROP chains for all of them. According to the obtained results, our technique can automatically create ROP payloads and reduce up to 80% of ROP exploit payloads. It takes only 3-5 seconds to exploit successfully, compared to manual analysis for at least 60 minutes, as well as it can effectively bypass both Write XOR Execute (W⊕X) and ASLR.INDEX TERMS AMOCO, automatic exploit generation, return oriented programming, satisfiability modulo theories, Z3 solver.

show abstract

“…The increasing popularity of cloud computing combined with the limitations of traditional host based protection systems have added to the popularity of NIDS implementation [1]. The most common method of NIDS operation is signature based, in which packets are examined for patterns which are associated with, or known to be hazardous.…”

Section: Introductionmentioning

confidence: 99%

Accurate shellcode recognition from network traffic data using artificial neural nets

Onotu

Day

Rodrigues

2015

2015 IEEE 28th Canadian Conference on Electrical and Computer Engineering (CCECE)

View full text Add to dashboard Cite

Abstract-This paper presents an approach to shellcode recognition directly from network traffic data using a multi-layer perceptron with back-propagation learning algorithm. Using raw network data composed of a mixture of shellcode, image files, and DLL-Dynamic Link Library files, our proposed design was able to classify the three types of data with high accuracy and high precision with neither false positives nor false negatives. The proposed method comprises simple and fast pre-processing of raw data of a fixed length for each network data package and yields perfect results with 100% accuracy for the three data types considered. The research is significant in the context of network security and intrusion detection systems. Work is under way for real time recognition and fine-tuning the differentiation between various shellcodes.

show abstract

Protecting against address space layout randomisation (ASLR) compromises and return-to-libc attacks using network intrusion detection systems

Cited by 10 publications

References 15 publications

An Approach for Building Security Resilience in AUTOSAR Based Safety Critical Systems

An Approach for Building Security Resilience in AUTOSAR Based Safety Critical Systems

ARG: Automatic ROP Chains Generation

Accurate shellcode recognition from network traffic data using artificial neural nets

Contact Info

Product

Resources

About