Proceedings Article, DOI 10.1145/1030083.1030124
On the effectiveness of address-space randomization
Hovav Shacham, Matthew Page, Ben Pfaff, Eu-Jin Goh, Nagendra Modadugu, Dan Boneh +5 more
- 25 Oct 2004
- pp 298-307
TL;DR: A derandomization attack is demonstrated that converts any standard buffer-overflow exploit into an exploit that works against systems protected by address-space randomization, and it is concluded that, on 32-bit architectures, the only benefit of PaX-like address-space randomization is a small slowdown in worm propagation speed.
Abstract: Address-space randomization is a technique used to fortify systems against buffer overflow attacks. The idea is to introduce artificial diversity by randomizing the memory location of certain system components. This mechanism is available for both Linux (via PaX ASLR) and OpenBSD. We study the effectiveness of address-space randomization and find that its utility on 32-bit architectures is limited by the number of bits available for address randomization. In particular, we demonstrate a derandomization attack that will convert any standard buffer-overflow exploit into an exploit that works against systems protected by address-space randomization. The resulting exploit is as effective as the original exploit, although it takes a little longer to compromise a target machine: on average 216 seconds to compromise Apache running on a Linux PaX ASLR system. The attack does not require running code on the stack. We also explore various ways of strengthening address-space randomization and point out weaknesses in each. Surprisingly, increasing the frequency of re-randomizations adds at most 1 bit of security. Furthermore, compile-time randomization appears to be more effective than runtime randomization. We conclude that, on 32-bit architectures, the only benefit of PaX-like address-space randomization is a small slowdown in worm propagation speed. The cost of randomization is extra complexity in system support.
Citations
Static Binary Instrumentation with Applications to COTS Software Security
Mingwei Zhang
- 01 Jan 2015
TL;DR: PSI integrates a coarse grained control flow integrity (CFI) property as the basis of secure, nonbypassable instrumentation, and provides a powerful API that simplifies the development of custom instrumentations.
Dissertation
Identifying Memory Address Disclosures
John North
- 01 Jan 2015
TL;DR: This thesis introduces the first published technique to be able to reliably identify specific classes of leaks, particularly address disclosures and canary-disclosures, and discusses the importance of these disclosures, both currently and in the future.
Return address randomization scheme for annuling data-injection buffer overflow attacks
Deok Kim, Tae-Hyung Kim, Jong Kim, Sung Je Hong +3 more
- 29 Nov 2006
TL;DR: An enhanced defense scheme that randomizes not only the instruction set but also the return addresses is proposed; it can defend software systems against data-injection BOF attacks as well as code-injection BOF attacks without significant extra overhead.
Dissertation
Attacking and Defending Emerging Computer Systems Using The Memory Remanence Effect
Amir Rahmati
- 01 Jan 2017
Dynamic reencryption of return addresses
TL;DR: The authors present dynamic reencryption of return addresses to mitigate their leakage and have confirmed its effectiveness against information leak attacks carried out in the early stage of blind return-oriented programming (BROP).
References
Proceedings Article
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
Crispin Cowan, Calton Pu, Dave Maier, Heather Hinton, Jonathan Walpole, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, Qian Zhang +9 more
- 26 Jan 1998
TL;DR: StackGuard is described: a simple compiler technique that virtually eliminates buffer overflow vulnerabilities with only modest performance penalties, and a set of variations on the technique that trade-off between penetration resistance and performance.
Proceedings Article
How to Own the Internet in Your Spare Time
Stuart Staniford, Vern Paxson, Nicholas Weaver +2 more
- 05 Aug 2002
TL;DR: This work develops and evaluates several new, highly virulent possible techniques: hit-list scanning, permutation scanning, self-coordinating scanning, and use of Internet-sized hit-lists (which creates a flash worm).
Countering code-injection attacks with instruction-set randomization
Gaurav S. Kc, Angelos D. Keromytis, Vassilis Prevelakis +2 more
- 27 Oct 2003
TL;DR: A new, general approach for safeguarding systems against any type of code-injection attack, by creating process-specific randomized instruction sets of the system executing potentially vulnerable software that can serve as a low-overhead protection mechanism, and can easily complement other mechanisms.
The Apache HTTP Server Project
Roy T. Fielding, Gail E. Kaiser +1 more
TL;DR: This collaborative software development effort has created a robust, feature-rich HTTP server software package that currently dominates the public Internet market and is more often attributed to performance than price.
Randomized instruction set emulation to disrupt binary code injection attacks
Elena Gabriela Barrantes, David H. Ackley, Stephanie Forrest, Trek S. Palmer, Darko Stefanovic, Dino Dai Zovi +5 more
- 27 Oct 2003
TL;DR: RISE as discussed by the authors is a randomized instruction set emulator based on the open-source Valgrind x86-to-x86 binary translator, which is designed to resist binary code injection attacks.