Read e-book online Building Secure Defenses Against Code-Reuse Attacks PDF

By Lucas Davi, Ahmad-Reza Sadeghi

This e-book offers an in-depth examine return-oriented programming assaults. It explores numerous traditional return-oriented programming assaults and analyzes the effectiveness of security suggestions together with tackle house format randomization (ASLR) and the control-flow regulations carried out in defense watchdogs akin to Microsoft EMET.

Chapters additionally clarify the main of control-flow integrity (CFI), spotlight the advantages of CFI and speak about its present weaknesses. a number of enhanced and complex return-oriented programming assault ideas reminiscent of just-in-time return-oriented programming are presented.

Building safe Defenses opposed to Code-Reuse Attacks is a superb reference software for researchers, programmers and pros operating within the defense box. It presents advanced-level scholars learning computing device technological know-how with a complete evaluation and transparent knowing of significant runtime attacks.

Show description

Read Online or Download Building Secure Defenses Against Code-Reuse Attacks PDF

Similar object-oriented software design books

An Inductive Logic Programming Approach to Statistical - download pdf or read online

During this e-book, the writer Kristian Kersting has made an attack on one of many toughest integration difficulties on the middle of man-made Intelligence learn. This contains taking 3 disparate significant components of analysis and making an attempt a fusion between them. the 3 components are: common sense Programming, Uncertainty Reasoning and computing device studying.

Download PDF by Alan Shalloway: Design Patterns Explained - A New Perspective

(Pearson schooling) textual content combining the foundations of object-oriented programming with the facility of layout styles to create a brand new atmosphere for software program improvement. Stresses the significance of research and layout, displaying how styles can facilitate that technique. Softcover. DLC: Object-oriented tools (Computer science).

Get JDBC: Practical Guide for Java Programmers (The Practical PDF

JDBC: useful advisor for Java Programmers is the fastest solution to achieve the abilities required for connecting your Java program to a SQL database. functional, tutorial-based assurance retains you centered at the crucial projects and strategies, and incisive reasons cement your figuring out of the API good points you will use many times.

Download PDF by Fernando Ferri: Visual Languages for Interactive Computing: Definitions and

Visible languages are the defining part of interactive computing environments, but inspite of the swift speed of evolution of this area, major demanding situations stay. visible Languages for Interactive Computing: Definitions and Formalizations offers accomplished insurance of the issues and methodologies with regards to the syntax, semantics, and ambiguities of visible languages.

Extra resources for Building Secure Defenses Against Code-Reuse Attacks

Example text

CFI builds upon several assumptions to effectively defend against code-reuse attacks. Foremost, it assumes that code is not writable, and that an adversary cannot execute injected code from data memory. Both is ensured by enforcing the W ˚ X security model which is enabled by default on modern operating systems (cf. Sect. 4). However, this also means that original CFI is not applicable to selfmodifying code, or code that is generated just-in-time. As code is assumed to be immutable, Abadi et al.

For its policies in category ➀, ROPecker inspects each LBR entry to identify indirect branches that have redirected the control-flow to a gadget. This decision is based on the gadget database that ROPecker derived in the static analysis phase. ROPecker also inspects the program stack to predict future execution of gadgets. There is no direct policy check for indirect branches, but instead, possible gadgets are detected via a heuristic. 2 Practical CFI Implementations 37 its behavioral-based heuristic (category ➁) completely hinges on the assumption that instruction sequences will be short and that there will always be a chain of at least some threshold number of consecutive instruction sequences.

A gadget compiler that entirely focuses on constructing jump-oriented exploits is presented by Chen et al. [8]. The compiler targets x86-compiled code and leverages the so-called combinational gadget terminating in a CALL-JMP sequence to invoke a system call in a jump-oriented attack. Whereas the previously discussed gadget compilers focused on a particular processor platform, Dullien et al. [13] introduce a gadget discovery tool that operates platform-independent by decompiling assembler instructions to an intermediate language called REIL.

Download PDF sample

Rated 4.88 of 5 – based on 9 votes