Until recently, it was widely believed that code randomization (such as fine-grained ASLR) can effectively mitigate code reuse attacks. However, a recent attack strategy, dubbed just-in-time return oriented programming (JIT-ROP), circumvents code randomization by disclosing the (randomized) content of many memory pages at runtime. In order to remedy this situation, new and improved code randomization defenses have been proposed. The contribution of this paper is twofold: first, we conduct a security analysis of a recently proposed fine-grained ASLR scheme that aims at mitigating JIT-ROP based on hiding direct code references in branch instructions. In particular, we demonstrate its weaknesses by constructing a novel JIT-ROP attack that i...
Instruction set randomization (ISR) was initially proposed with the main goal of countering code-inj...
Code-reuse attacks continue to evolve and remain a severe threat to modern software. Recent research...
Fine-grained address space layout randomization (ASLR) has recently been proposed as a meth...
Software that is in use and under development today still contains as many bugs as ever. These bugs ...
Code-reuse attacks such as return-oriented programming (ROP) pose a severe threat to modern software...
Address-space layout randomization is a well-established defense against code-reuse attacks. However,...
Code reuse attacks such as return-oriented programming are one of the most powerful threats to conte...
The wide adoption of non-executable page protections in recent versions of popular operati...
Return-oriented programming (ROP) has become the primary exploitation technique for system compromis...
Software immunity through diversity is a promising research direction. Address Space Layout Randomi...
Exploitation of memory corruption vulnerabilities in widely used software has been a threat for almo...
Code-reuse attacks, including return-oriented programming (ROP) and jump-oriented programming, bypas...