2019
DOI: 10.1007/978-3-030-29959-0_5
|View full text |Cite
|
Sign up to set email alerts
|

The Leakage-Resilience Dilemma

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1

Citation Types

0
4
0

Year Published

2019
2019
2022
2022

Publication Types

Select...
3
3
1

Relationship

0
7

Authors

Journals

citations
Cited by 8 publications
(4 citation statements)
references
References 41 publications
0
4
0
Order By: Relevance
“…Furthermore, comparing to timebased continuous re-randomization techniques such as Shuffler [88] and CodeArmor [29] which almost always maintain two copies of code, MARDU's memory saving for libc is ≈1-1.2 GB. Backes et al [22] and Ward et al [85] also highlighted the code sharing problem in randomization techniques and reported a similar amount of memory savings by sharing randomized code. Finally, note that the use of shadow stack does not increase runtime memory footprint because MARDU solely relocates return address from the normal stack to the shadow stack.…”
Section: Scalability Evaluationmentioning
confidence: 93%
See 1 more Smart Citation
“…Furthermore, comparing to timebased continuous re-randomization techniques such as Shuffler [88] and CodeArmor [29] which almost always maintain two copies of code, MARDU's memory saving for libc is ≈1-1.2 GB. Backes et al [22] and Ward et al [85] also highlighted the code sharing problem in randomization techniques and reported a similar amount of memory savings by sharing randomized code. Finally, note that the use of shadow stack does not increase runtime memory footprint because MARDU solely relocates return address from the normal stack to the shadow stack.…”
Section: Scalability Evaluationmentioning
confidence: 93%
“…Particularly, in techniques directly using code address [25] or code offset [29], p+o could be even a ROP gadget in f() if the attacker knows the gadgets offset o beforehand. Ward et al [85] has recently demonstrated that this attack is possible against TASR.…”
Section: Attacks Against Continuous Re-randomizationmentioning
confidence: 96%
“…For example, there may be no gadgets to load function arguments passed through registers. Ward et al [65] proposed a method that allows using gadgets from dynamically linked libraries, whose base addresses are randomized. It is assumed that the base address of the vulnerable executable file is not therewith randomized.…”
Section: Using Gadgets From a Randomized Librarymentioning
confidence: 99%
“…If necessary, gadget parameters are subject to the same changes. When building chains, the authors, by analogy with the work of Ward et al [65], are limited to a memory paragraph with respect to pointers located on program stack. This forces them also to use gadgets ending in call instructions.…”
mentioning
confidence: 99%