Code reuse attacks such as return-oriented programming are one of the most powerful threats to contemporary software. ASLR was introduced to impede these attacks by dispersing shared libraries and the executable in memory. However, in practice its entropy is rather low and, more importantly, the leakage of a single address reveals the position of a whole library in memory. The recent mitigation literature followed the route of randomization, applied it at different stages such as source code or the executable binary. However, the code segments still stay in one block. In contrast to previous work, our randomization solution, called Xifer, (1) disperses all code (executable and libraries) across the whole address space, (2) re-randomizes the...
Code injection attacks are a top threat to today's Internet. With zero-day attacks on the rise,...
Fine-grained address space layout randomization (ASLR) has recently been proposed as a method of eff...
Abstract—Since the day it was proposed, return-oriented programming has shown to be an effective and...
Code reuse attacks such as return-oriented programming are one of the most powerful threats to conte...
Abstract—Through randomization of the memory space and the confinement of code to non-data pages, co...
Software immunity through diversity is a promising research direction. Address Space Layout Randomi...
Until recently, it was widely believed that code randomization (such as fine-grained ASLR) can effec...
Summarization: Instruction Set Randomization (ISR) is able to protect against remote code injection ...
Software that is in use and under development today still contains as many bugs as ever. These bugs ...
Code-reuse attacks, including return-oriented programming (ROP) and jump-oriented programming, bypas...
Abstract—Fine-grained address space layout randomization (ASLR) has recently been proposed as a meth...
Unlike library code, whose instruction addresses can be randomized by address space layout randomiza...
Instruction Set Randomization (ISR) is able to protect against remote code injection attacks by rand...
Abstract—To strengthen systems against code injection attacks, the write or execute only policy (W⊕X...
Exploitation of memory corruption vulnerabilities in widely used software has been a threat for almo...
Code injection attacks are a top threat to today's Internet. With zero-day attacks on the rise,...
Fine-grained address space layout randomization (ASLR) has recently been proposed as a method of eff...
Abstract—Since the day it was proposed, return-oriented programming has shown to be an effective and...
Code reuse attacks such as return-oriented programming are one of the most powerful threats to conte...
Abstract—Through randomization of the memory space and the confinement of code to non-data pages, co...
Software immunity through diversity is a promising research direction. Address Space Layout Randomi...
Until recently, it was widely believed that code randomization (such as fine-grained ASLR) can effec...
Summarization: Instruction Set Randomization (ISR) is able to protect against remote code injection ...
Software that is in use and under development today still contains as many bugs as ever. These bugs ...
Code-reuse attacks, including return-oriented programming (ROP) and jump-oriented programming, bypas...
Abstract—Fine-grained address space layout randomization (ASLR) has recently been proposed as a meth...
Unlike library code, whose instruction addresses can be randomized by address space layout randomiza...
Instruction Set Randomization (ISR) is able to protect against remote code injection attacks by rand...
Abstract—To strengthen systems against code injection attacks, the write or execute only policy (W⊕X...
Exploitation of memory corruption vulnerabilities in widely used software has been a threat for almo...
Code injection attacks are a top threat to today's Internet. With zero-day attacks on the rise,...
Fine-grained address space layout randomization (ASLR) has recently been proposed as a method of eff...
Abstract—Since the day it was proposed, return-oriented programming has shown to be an effective and...