Code-reuse attacks such as return-oriented programming (ROP) pose a severe threat to modern software. Designing practical and effective defenses against code-reuse attacks is highly challenging. One line of defense builds upon fine-grained code diversification to prevent the adversary from constructing a reliable code-reuse attack. However, all solutions proposed so far are either vulnerable to memory disclosure or are impractical for deployment on commodity systems. In this paper, we address the deficiencies of existing solutions and present the first practical, fine-grained code randomization defense, called Readactor, resilient to both static and dynamic ROP attacks. We distinguish between direct memory disclosure, where the attacker rea...
Return-Oriented Programming (ROP) is a technique that enables an adversary to construct malicious pr...
Code-reuse attacks continue to evolve and remain a severe threat to modern software. Recent researc...
Abstract—The wide adoption of non-executable page protec-tions in recent versions of popular operati...
Code-reuse attacks such as return-oriented programming (ROP) pose a severe threat to modern software...
Detecting and preventing exploitation of memory corruption vulnerabilities is highly challenging. Un...
Software immunity through diversity is a promising research direction. Address Space Layout Randomi...
Exploitation of memory corruption vulnerabilities in widely used software has been a threat for almo...
Until recently, it was widely believed that code randomization (such as fine-grained ASLR) can effec...
Address-space layout randomization is a wellestablished defense against code-reuse attacks. However,...
Abstract Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP)...
Return-oriented programming (ROP) has become the primary exploitation technique for system compromis...
Software that is in use and under development today still contains as many bugs as ever. These bugs ...
Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP) is still...
Code-reuse attacks continue to evolve and remain a severe threat to modern software. Recent research...
Adversaries exploit software vulnerabilities in modern software to compromise computer systems. Whil...
Return-Oriented Programming (ROP) is a technique that enables an adversary to construct malicious pr...
Code-reuse attacks continue to evolve and remain a severe threat to modern software. Recent researc...
Abstract—The wide adoption of non-executable page protec-tions in recent versions of popular operati...
Code-reuse attacks such as return-oriented programming (ROP) pose a severe threat to modern software...
Detecting and preventing exploitation of memory corruption vulnerabilities is highly challenging. Un...
Software immunity through diversity is a promising research direction. Address Space Layout Randomi...
Exploitation of memory corruption vulnerabilities in widely used software has been a threat for almo...
Until recently, it was widely believed that code randomization (such as fine-grained ASLR) can effec...
Address-space layout randomization is a wellestablished defense against code-reuse attacks. However,...
Abstract Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP)...
Return-oriented programming (ROP) has become the primary exploitation technique for system compromis...
Software that is in use and under development today still contains as many bugs as ever. These bugs ...
Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP) is still...
Code-reuse attacks continue to evolve and remain a severe threat to modern software. Recent research...
Adversaries exploit software vulnerabilities in modern software to compromise computer systems. Whil...
Return-Oriented Programming (ROP) is a technique that enables an adversary to construct malicious pr...
Code-reuse attacks continue to evolve and remain a severe threat to modern software. Recent researc...
Abstract—The wide adoption of non-executable page protec-tions in recent versions of popular operati...