Address-space layout randomization is a well-established defense against code-reuse attacks. However, it can be completely bypassed by just-in-time code-reuse attacks that rely on information disclosure of code addresses via memory or side-channel exposure. To address this fundamental weakness, much recent research has focused on detecting and mitigating information disclosure, the assumption being that if we perfect such techniques, we will not only maintain layout secrecy but also stop code reuse. In this paper, we demonstrate that an advanced attacker can mount practical code-reuse attacks even in the complete absence of information disclosure. To this end, we present Position-Independent Code-Reuse Attacks, a new class of code-reuse attac...
Instruction set randomization (ISR) was initially proposed with the main goal of countering code-inj...
The wide adoption of non-executable page protections in recent versions of popular operating systems...
Code-reuse attacks continue to evolve and remain a severe threat to modern software. Recent researc...
Fine-grained address space layout randomization (ASLR) has recently been proposed as a meth...
Software that is in use and under development today still contains as many bugs as ever. These bugs ...
Code-reuse attacks such as return-oriented programming (ROP) pose a severe threat to modern software...
Until recently, it was widely believed that code randomization (such as fine-grained ASLR) can effec...
Code diversification has been proposed as a technique to mitigate code reuse attacks, which have rec...
Fine-grained address space layout randomization (ASLR) has recently been proposed as a method of eff...
Exploitation of memory corruption vulnerabilities in widely used software has been a threat for almo...
Detecting and preventing exploitation of memory corruption vulnerabilities is highly challenging. Un...
Software immunity through diversity is a promising research direction. Address Space Layout Randomi...
Exploitation of memory-corruption vulnerabilities in widely-used software has been a threat for over...
Adversaries exploit software vulnerabilities in modern software to compromise computer systems. Whil...
To strengthen systems against code injection attacks, the write or execute only policy (W⊕X...