Sciweavers

CCS
2015
ACM

Heisenbyte: Thwarting Memory Disclosure Attacks using Destructive Code Reads

8 years 6 months ago
Heisenbyte: Thwarting Memory Disclosure Attacks using Destructive Code Reads
Vulnerabilities that disclose executable memory pages enable a new class of powerful code reuse attacks that build the attack payload at runtime. In this work, we present Heisenbyte, a system to protect against memory disclosure attacks. Central to Heisenbyte is the concept of destructive code reads – code is garbled right after it is read. Garbling the code after reading it takes away from the attacker her ability to leverage memory disclosure bugs in both static code and dynamically generated just-in-time code. By leveraging existing virtualization support, Heisenbyte’s novel use of destructive code reads sidesteps the problem of incomplete binary disassembly in binaries, and extends protection to close-sourced COTS binaries, which are two major limitations of prior solutions against memory disclosure vulnerabilities. Our experiments demonstrate that Heisenbyte can tolerate some degree of imperfect static analysis in disassembled binaries, while effectively thwarting dynamic co...
Adrian Tang, Simha Sethumadhavan, Salvatore J. Sto
Added 17 Apr 2016
Updated 17 Apr 2016
Type Journal
Year 2015
Where CCS
Authors Adrian Tang, Simha Sethumadhavan, Salvatore J. Stolfo
Comments (0)