We introduce a reuse-oriented camouflaging attack – a new threat to legal software binaries. To perform a malicious action, such an attack will identify and reuse an existing function in a legal binary program instead of implementing the function itself. Fur-thermore, the attack is stealthy in that the malicious invocation of a targeted function usually takes place in a location where it is legal to do so, closely mimicking a legal invocation. At the network level, the victim binary can still follow its communication protocol without exhibiting any anomalous behavior. Meanwhile, many close-source shareware binaries are rich in functions that can be maliciously “reused”, making them attractive targets of this type of attack. In this paper, w...
International audienceThis chapter deals with applications where watermarking is a security primitiv...
Despite the broad diversity of attacks and the many different ways an adversary can exploit a system...
Run-time attacks have plagued computer systems for more than three decades, with control-flow hijack...
Abstract—Code Reuse Attacks (CRAs) recently emerged as a new class of security exploits. CRAs constr...
When exploiting software vulnerabilities such as buffer overflows, code reuse techniques are often u...
During a cyber-attack, an adversary executes offensive maneuvers to target computer systems. Particu...
Modern computing platforms have progressed to more secure environments with various defensive techni...
Code Reuse Attacks (CRAs) recently emerged as a new class of security exploits. CRAs construct malic...
Abstract. Fighting against computer malware require a mandatory step of reverse engineering. As soon...
We present a practical tool for inserting security features against low-level software attacks into ...
Part 6: Source Code SecurityInternational audienceCode reusing is a common practice in software deve...
There is implicit trust involved when using computer software. Open-source software attempts to insp...
Code reuse attacks such as return-oriented programming (ROP) have become prevalent techniques to exp...
Exploitation of memory corruption vulnerabilities in widely used software has been a threat for almo...
Exploit development is an arm race between attackers and defenders. In this thesis, I will introduce...
International audienceThis chapter deals with applications where watermarking is a security primitiv...
Despite the broad diversity of attacks and the many different ways an adversary can exploit a system...
Run-time attacks have plagued computer systems for more than three decades, with control-flow hijack...
Abstract—Code Reuse Attacks (CRAs) recently emerged as a new class of security exploits. CRAs constr...
When exploiting software vulnerabilities such as buffer overflows, code reuse techniques are often u...
During a cyber-attack, an adversary executes offensive maneuvers to target computer systems. Particu...
Modern computing platforms have progressed to more secure environments with various defensive techni...
Code Reuse Attacks (CRAs) recently emerged as a new class of security exploits. CRAs construct malic...
Abstract. Fighting against computer malware require a mandatory step of reverse engineering. As soon...
We present a practical tool for inserting security features against low-level software attacks into ...
Part 6: Source Code SecurityInternational audienceCode reusing is a common practice in software deve...
There is implicit trust involved when using computer software. Open-source software attempts to insp...
Code reuse attacks such as return-oriented programming (ROP) have become prevalent techniques to exp...
Exploitation of memory corruption vulnerabilities in widely used software has been a threat for almo...
Exploit development is an arm race between attackers and defenders. In this thesis, I will introduce...
International audienceThis chapter deals with applications where watermarking is a security primitiv...
Despite the broad diversity of attacks and the many different ways an adversary can exploit a system...
Run-time attacks have plagued computer systems for more than three decades, with control-flow hijack...