Sciweavers

ESSOS
2014
Springer

Detecting Code Reuse Attacks with a Model of Conformant Program Execution

10 years 8 months ago
Detecting Code Reuse Attacks with a Model of Conformant Program Execution
Abstract. Code reuse attacks circumvent traditional program protection mechanisms such as W ⊕ X by constructing exploits from code already present within a process. Existing techniques to defend against these attacks provide ad hoc solutions or lack in features necessary to provide comprehensive and adoptable solutions. We present a systematic approach based on first principles for the efficient, robust detection of these attacks; our work enforces expected program behavior instead of defending against anticipated attacks. We define conformant program execution (CPE) as a set of requirements on program states. We demonstrate that code reuse attacks violate these requirements and thus can be detected; further, new exploit variations will not circumvent CPE. To provide an efficient and adoptable solution, we also define observed conformant program execution, which validates program state at system call invocations; we demonstrate that this relaxed model is sufficient to detect code ...
Emily R. Jacobson, Andrew R. Bernat, William R. Wi
Added 27 Apr 2014
Updated 27 Apr 2014
Type Journal
Year 2014
Where ESSOS
Authors Emily R. Jacobson, Andrew R. Bernat, William R. Williams, Barton P. Miller
Comments (0)