Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
NDSS
2015
IEEE
2015
IEEE
Exploiting and Protecting Dynamic Code Generation
Abstract—Many mechanisms have been proposed and deployed to prevent exploits against software vulnerabilities. Among them, W⊕X is one of the most effective and efficient. W⊕X prevents memory pages from being simultaneously writable and executable, rendering the decades old shellcode injection technique infeasible. In this paper, we demonstrate that the traditional shellcode injection attack can be revived through a code cache injection technique. Specifically, dynamic code generation, a technique widely used in just-in-time (JIT) compilation and dynamic binary translation (DBT), generates and modifies code on the fly in order to promote performance or security. The dynamically generated code fragments are stored in a code cache, which is writable and executable either at the same time or alternately, resulting in an opportunity for exploitation. This threat is especially realistic when the generated code is multi-threaded, because switching between writable and executable lea...
Real-time TrafficRelated Content
| Added | 15 Apr 2016 |
| Updated | 15 Apr 2016 |
| Type | Journal |
| Year | 2015 |
| Where | NDSS |
| Authors | Chengyu Song, Chao Zhang, Tielei Wang, Wenke Lee, David Melski |
Comments (0)
Researcher Info
|
