The wide adoption of non-executable page protections in recent versions of popular operating systems has given rise to attacks that employ return-oriented programming (ROP) to achieve arbitrary code execution without the injection of any code. Existing defenses against ROP exploits either require source code or symbolic debugging information, or impose a significant runtime overhead, which limits their applicability for the protection of third-party applications. In this paper we present in-place code randomization, a practical mitigation technique against ROP attacks that can be applied directly on third-party software. Our method uses various narrow-scope code transformations that can be applied statically, without changing the location o...
Code-reuse attacks, including return-oriented programming (ROP) and jump-oriented programming, bypas...
Abstract—Since the day it was proposed, return-oriented programming has shown to be an effective and...
With the increased popularity of embedded devices, low-level programming languages like C and C++ ar...
Abstract—The wide adoption of non-executable page protec-tions in recent versions of popular operati...
Return-oriented programming (ROP) has become the primary exploitation technique for system compromis...
Return-oriented programming (ROP) has become the primary exploitation technique for system compromis...
Software that is in use and under development today still contains as many bugs as ever. These bugs ...
Until recently, it was widely believed that code randomization (such as fine-grained ASLR) can effec...
Code-reuse attacks such as return-oriented programming (ROP) pose a severe threat to modern software...
Return-Oriented Programming (ROP) is a technique that enables an adversary to construct malicious pr...
Despite the numerous prevention and protection mechanisms that have been introduced into modern oper...
Prior work has shown that return oriented programming (ROP) can be used to bypass W⊕X, a software de...
Detecting and preventing exploitation of memory corruption vulnerabilities is highly challenging. Un...
Address-space layout randomization is a wellestablished defense against code-reuse attacks. However,...
Abstract—Through randomization of the memory space and the confinement of code to non-data pages, co...
Code-reuse attacks, including return-oriented programming (ROP) and jump-oriented programming, bypas...
Abstract—Since the day it was proposed, return-oriented programming has shown to be an effective and...
With the increased popularity of embedded devices, low-level programming languages like C and C++ ar...
Abstract—The wide adoption of non-executable page protec-tions in recent versions of popular operati...
Return-oriented programming (ROP) has become the primary exploitation technique for system compromis...
Return-oriented programming (ROP) has become the primary exploitation technique for system compromis...
Software that is in use and under development today still contains as many bugs as ever. These bugs ...
Until recently, it was widely believed that code randomization (such as fine-grained ASLR) can effec...
Code-reuse attacks such as return-oriented programming (ROP) pose a severe threat to modern software...
Return-Oriented Programming (ROP) is a technique that enables an adversary to construct malicious pr...
Despite the numerous prevention and protection mechanisms that have been introduced into modern oper...
Prior work has shown that return oriented programming (ROP) can be used to bypass W⊕X, a software de...
Detecting and preventing exploitation of memory corruption vulnerabilities is highly challenging. Un...
Address-space layout randomization is a wellestablished defense against code-reuse attacks. However,...
Abstract—Through randomization of the memory space and the confinement of code to non-data pages, co...
Code-reuse attacks, including return-oriented programming (ROP) and jump-oriented programming, bypas...
Abstract—Since the day it was proposed, return-oriented programming has shown to be an effective and...
With the increased popularity of embedded devices, low-level programming languages like C and C++ ar...