Web browsers are one of the most used, complex and popular software systems nowadays. They are prone to use-after-free vulnerabilites and this is the de-facto way to exploit them. From a technical point of view, an attacker uses a technique called vtable hijacking to exploit such bugs. More specifically, she crafts bogus virtual tables and lets a freed C++ object point to it in order to gain control over the program at virtual function call sites. In this paper, we present a novel approach towards mitigating and detecting such attacks against C++ binary code. We propose a static binary analysis technique to extract virtual function call site information in an automated way. Leveraging this information, we instru-ment the given binary execut...
As VTable hijacking becomes the primary mode of ex-ploitation against modern browsers, protecting sa...
As VTable hijacking becomes the primary mode of ex-ploitation against modern browsers, protecting sa...
Exploit development is an arm race between attackers and defenders. In this thesis, I will introduce...
Abstract-Several defenses have increased the cost of traditional, low-level attacks that corrupt con...
Polymorphism and inheritance make C++ suitable for writing complex software, but significantly incre...
VTable hijacking has lately been promoted to the de facto technique for exploiting C++ applications,...
VTable hijacking has lately been promoted to the de facto technique for exploiting C++ applications,...
Systems software written in C/C++ is plagued by bugs, which attackers exploit to gain control of sys...
© 2017 Association for Computing Machinery. We present, Vip, an approach to boosting the precision o...
Code reuse attacks such as return-oriented programming (ROP) have become prevalent techniques to exp...
Control-flow hijacking attacks allow adversaries to take over seemingly benign software, e.g., a web...
C++ and Microsoft's Component Object Model (COM) are examples of a high- level lan- guage and develo...
Web browsers are one of the most security-critical applications that billions of people use to acces...
Code-reuse attacks continue to evolve and remain a severe threat to modern software. Recent research...
We present, Vip, an approach to boosting the precision of Virtual call Integrity Protection for larg...
As VTable hijacking becomes the primary mode of ex-ploitation against modern browsers, protecting sa...
As VTable hijacking becomes the primary mode of ex-ploitation against modern browsers, protecting sa...
Exploit development is an arm race between attackers and defenders. In this thesis, I will introduce...
Abstract-Several defenses have increased the cost of traditional, low-level attacks that corrupt con...
Polymorphism and inheritance make C++ suitable for writing complex software, but significantly incre...
VTable hijacking has lately been promoted to the de facto technique for exploiting C++ applications,...
VTable hijacking has lately been promoted to the de facto technique for exploiting C++ applications,...
Systems software written in C/C++ is plagued by bugs, which attackers exploit to gain control of sys...
© 2017 Association for Computing Machinery. We present, Vip, an approach to boosting the precision o...
Code reuse attacks such as return-oriented programming (ROP) have become prevalent techniques to exp...
Control-flow hijacking attacks allow adversaries to take over seemingly benign software, e.g., a web...
C++ and Microsoft's Component Object Model (COM) are examples of a high- level lan- guage and develo...
Web browsers are one of the most security-critical applications that billions of people use to acces...
Code-reuse attacks continue to evolve and remain a severe threat to modern software. Recent research...
We present, Vip, an approach to boosting the precision of Virtual call Integrity Protection for larg...
As VTable hijacking becomes the primary mode of ex-ploitation against modern browsers, protecting sa...
As VTable hijacking becomes the primary mode of ex-ploitation against modern browsers, protecting sa...
Exploit development is an arm race between attackers and defenders. In this thesis, I will introduce...