Sciweavers

NDSS
2015
IEEE

Exploiting and Protecting Dynamic Code Generation

8 years 8 months ago
Exploiting and Protecting Dynamic Code Generation
Abstract—Many mechanisms have been proposed and deployed to prevent exploits against software vulnerabilities. Among them, W⊕X is one of the most effective and efficient. W⊕X prevents memory pages from being simultaneously writable and executable, rendering the decades old shellcode injection technique infeasible. In this paper, we demonstrate that the traditional shellcode injection attack can be revived through a code cache injection technique. Specifically, dynamic code generation, a technique widely used in just-in-time (JIT) compilation and dynamic binary translation (DBT), generates and modifies code on the fly in order to promote performance or security. The dynamically generated code fragments are stored in a code cache, which is writable and executable either at the same time or alternately, resulting in an opportunity for exploitation. This threat is especially realistic when the generated code is multi-threaded, because switching between writable and executable lea...
Chengyu Song, Chao Zhang, Tielei Wang, Wenke Lee,
Added 15 Apr 2016
Updated 15 Apr 2016
Type Journal
Year 2015
Where NDSS
Authors Chengyu Song, Chao Zhang, Tielei Wang, Wenke Lee, David Melski
Comments (0)