Exploit development is an arms race between attackers and defenders. In this thesis, I will introduce the development of code reuse attacks in recent years together with control flow integrity (CFI). I will give deep insight into CFI enforced on binary code and demonstrate how limited those mitigations are against sophisticated code reuse attacks. TypeArmor and vfGuard are believed to be sufficient in defending against vtable reuse attacks. Both techniques use semantic information as the control flow integrity enforcement policy. We propose Layered Object-Oriented Programming (LOOP), an advanced vtable reuse attack, to show that the coarse-grained CFI strategies are still vulnerable to vtable reuse attacks. In LOOP, we introduce argum...
With the widespread deployment of Control-Flow Integrity (CFI), control-flow hijacking attacks, and ...
Detecting and preventing exploitation of memory corruption vulnerabilities is highly challenging. Un...
Adversaries exploit software vulnerabilities in modern software to compromise computer systems. Whil...
Abstract—As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determine...
Exploitation of memory corruption vulnerabilities in widely used software has been a threat for almo...
DCG (Dynamic Code Generation) technologies have found wide application in the Web 2.0 era, Dion B...
As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determined attacke...
Abstract Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP)...
Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP) is still...
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Com...
Web browsers are one of the most important end-user applications to browse, retrieve, and present Int...
Code-reuse attacks are software exploits in which an attacker directs control flow through existing ...
Abstract—A new binary software randomization and Control-Flow Integrity (CFI) enforcement system is ...
Part 5: Software Security. International audience. JIT spraying is a new code-reuse technique to attack ...