Abstract—Code-reuse attacks such as return-oriented pro-gramming (ROP) pose a severe threat to modern software. Designing practical and effective defenses against code-reuse attacks is highly challenging. One line of defense builds upon fine-grained code diversification to prevent the adversary from constructing a reliable code-reuse attack. However, all solutions proposed so far are either vulnerable to memory disclosure or are impractical for deployment on commodity systems. In this paper, we address the deficiencies of existing solutions and present the first practical, fine-grained code randomization defense, called Readactor, resilient to both static and dynamic ROP attacks. We distinguish between direct memory disclosure, where the at...
Exploitation of memory-corruption vulnerabilities in widely-used software has been a threat for over...
Code-reuse attacks continue to evolve and remain a severe threat to modern software. Recent researc...
Abstract—The wide adoption of non-executable page protec-tions in recent versions of popular operati...
Code-reuse attacks such as return-oriented programming (ROP) pose a severe threat to modern software...
Software immunity through diversity is a promising research direction. Address Space Layout Randomi...
Detecting and preventing exploitation of memory corruption vulnerabilities is highly challenging. Un...
Until recently, it was widely believed that code randomization (such as fine-grained ASLR) can effec...
Address-space layout randomization is a wellestablished defense against code-reuse attacks. However,...
Exploitation of memory corruption vulnerabilities in widely used software has been a threat for almo...
Abstract Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP)...
Software that is in use and under development today still contains as many bugs as ever. These bugs ...
Adversaries exploit software vulnerabilities in modern software to compromise computer systems. Whil...
Return-oriented programming (ROP) has become the primary exploitation technique for system compromis...
Code-reuse attacks continue to evolve and remain a severe threat to modern software. Recent research...
Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP) is still...
Exploitation of memory-corruption vulnerabilities in widely-used software has been a threat for over...
Code-reuse attacks continue to evolve and remain a severe threat to modern software. Recent researc...
Abstract—The wide adoption of non-executable page protec-tions in recent versions of popular operati...
Code-reuse attacks such as return-oriented programming (ROP) pose a severe threat to modern software...
Software immunity through diversity is a promising research direction. Address Space Layout Randomi...
Detecting and preventing exploitation of memory corruption vulnerabilities is highly challenging. Un...
Until recently, it was widely believed that code randomization (such as fine-grained ASLR) can effec...
Address-space layout randomization is a wellestablished defense against code-reuse attacks. However,...
Exploitation of memory corruption vulnerabilities in widely used software has been a threat for almo...
Abstract Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP)...
Software that is in use and under development today still contains as many bugs as ever. These bugs ...
Adversaries exploit software vulnerabilities in modern software to compromise computer systems. Whil...
Return-oriented programming (ROP) has become the primary exploitation technique for system compromis...
Code-reuse attacks continue to evolve and remain a severe threat to modern software. Recent research...
Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP) is still...
Exploitation of memory-corruption vulnerabilities in widely-used software has been a threat for over...
Code-reuse attacks continue to evolve and remain a severe threat to modern software. Recent researc...
Abstract—The wide adoption of non-executable page protec-tions in recent versions of popular operati...