2009 Annual Computer Security Applications Conference (ACSAC 2009)
DOI: 10.1109/acsac.2009.16
Surgically Returning to Randomized lib(c)

Abstract: To strengthen systems against code injection attacks, the write or execute only policy (W⊕X) and address space layout randomization (ASLR) are typically used in combination. The former separates data and code, while the latter randomizes the layout of a process. In this paper we present a new attack to bypass W⊕X and ASLR. The state-of-the-art attack against this combination of protections is based on brute-force, while ours is based on the leakage of sensitive information about the memory layout of the proces…
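The abstract contrasts brute-forcing the randomized layout with deriving it from a leak. The following C program is an added illustration of the second idea, not code from the paper: ASLR shifts a shared library as one unit, so the distance between two symbols of the same libc build is a constant an attacker can measure from an offline copy; one pointer into libc leaked at runtime is then enough to compute the address of any other libc function. The `struct victim`, the over-reading `leaky_echo` and the `puts`/`system` pair are constructed for the example; the "offline" distance is measured in-process so the program runs stand-alone.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed victim state: a fixed-size buffer followed by a pointer into
 * libc (a callback). The layout stands in for any process data that happens
 * to sit next to a library pointer, such as a saved return address. */
struct victim {
    char buf[16];
    int (*callback)(const char *);
};

/* Constructed vulnerability: the caller chooses how many bytes are echoed
 * back and nothing bounds n by sizeof(buf). Reading past buf into callback
 * leaks its value. This is an information leak only, not code execution. */
static size_t leaky_echo(const struct victim *v, size_t n, unsigned char *out) {
    if (n > sizeof *v)          /* keep the read inside the struct itself */
        n = sizeof *v;
    memcpy(out, v, n);          /* copies buf, and callback if n reaches it */
    return n;
}

/* Attacker side, step 1: pull the pointer out of the leaked bytes.
 * Returns 0 if the leak was too short to reach the pointer. */
static uintptr_t extract_leaked_pointer(const unsigned char *leak, size_t n) {
    size_t off = offsetof(struct victim, callback);
    uintptr_t p;
    if (n < off + sizeof p)
        return 0;
    memcpy(&p, leak + off, sizeof p);
    return p;
}

/* Attacker side, step 2: ASLR moves the whole library by one random base,
 * so the distance between two symbols of the same build is fixed. With that
 * distance known from an offline copy, one runtime address resolves any other
 * symbol in the library, with no guessing and no brute force. */
static uintptr_t resolve_from_leak(uintptr_t leaked, intptr_t target_minus_leak) {
    return (uintptr_t)((intptr_t)leaked + target_minus_leak);
}

/* The offline measurement. In an attack this comes from a copy of the same
 * libc build; here it is measured in-process so the example is self-contained. */
static intptr_t offline_distance_puts_to_system(void) {
    return (intptr_t)(uintptr_t)system - (intptr_t)(uintptr_t)puts;
}

/* End to end: leak via an oversized read, then derandomize system().
 * Returns 0 when the read never reached the pointer (no leak, no bypass). */
static uintptr_t demo_bypass(size_t leak_len) {
    struct victim v;
    unsigned char leak[sizeof v];
    memset(v.buf, 'A', sizeof v.buf);
    v.callback = puts;                          /* the pointer that will leak */
    size_t n = leaky_echo(&v, leak_len, leak);
    uintptr_t leaked = extract_leaked_pointer(leak, n);
    if (leaked == 0)
        return 0;
    return resolve_from_leak(leaked, offline_distance_puts_to_system());
}

int main(void) {
    uintptr_t guess = demo_bypass(sizeof(struct victim));
    printf("derived system(): %#lx, real system(): %#lx, %s\n",
           (unsigned long)guess, (unsigned long)(uintptr_t)system,
           guess == (uintptr_t)system ? "match" : "mismatch");
    printf("read bounded to 16 bytes leaks nothing: %s\n",
           demo_bypass(16) == 0 ? "yes" : "no");
    return 0;
}
```

The practical point for defenders is in the second call: the same arithmetic yields nothing when the read stays inside `buf`, so a single out-of-bounds or uninitialized read that reaches a code pointer is what turns ASLR from a probabilistic defence into a deterministic one-shot bypass; more entropy does not help once such a read exists, removing the leak does.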

Cited by 85 publications (44 citation statements); references 5 publications.
“…However, there are several attacks which can bypass or seriously limit ASLR, especially on the 32-bit x86 architecture [1]. Additionally, ASLR can be defeated by leakage of sensitive information about the memory layout of the process [30]. Therefore, while ASLR is certainly useful, it is not a silver bullet to the problem of code-reuse attacks.…”
Section: Related Work (citation type: mentioning); confidence: 99%
“…Even when using dynamically-linked libraries, it is common for the main program text to start at a known fixed location. Because of these limitations, ASLR-protected code is subject to attack [5,22,27].…”
Section: Instruction Location Transformation (Ilx) (citation type: mentioning); confidence: 99%
“…It is important to point out that we do not make any assumptions about the attacker's methodology of executing malicious code. Thus, in our model, the attacker can utilize all the known ways of executing malicious code, i.e., injecting malicious shellcode in the process' address space [3,12], return2libc attacks [14,32] and return-oriented programming [10,33].…”
Section: Control-data Attacks (citation type: mentioning); confidence: 99%