Sciweavers

CCS
2015
ACM

Securing Legacy Software against Real-World Code-Reuse Exploits: Utopia, Alchemy, or Possible Future?

8 years 7 months ago
Securing Legacy Software against Real-World Code-Reuse Exploits: Utopia, Alchemy, or Possible Future?
Exploitation of memory-corruption vulnerabilities in widelyused software has been a threat for over two decades and no end seems to be in sight. Since performance and backwards compatibility trump security concerns, popular programs such as web browsers, servers, and office suites still contain large amounts of untrusted legacy code written in error-prone languages such as C and C++. At the same time, modern exploits are evolving quickly and routinely incorporate sophisticated techniques such as code reuse and memory disclosure. As a result, they bypass all widely deployed countermeasures including data execution prevention (DEP) and code randomization such as address space layout randomization (ASLR). The good news is that the security community has recently introduced several promising prototype defenses that offer a more principled response to modern exploits. Even though these solutions have improved substantially over time, they are not perfect and weaknesses that allow bypasses...
Ahmad-Reza Sadeghi, Lucas Davi, Per Larsen
Added 17 Apr 2016
Updated 17 Apr 2016
Type Journal
Year 2015
Where CCS
Authors Ahmad-Reza Sadeghi, Lucas Davi, Per Larsen
Comments (0)