Sciweavers

ACSAC
2009
IEEE

Surgically Returning to Randomized lib(c)

14 years 7 months ago
Surgically Returning to Randomized lib(c)
—To strengthen systems against code injection attacks, the write or execute only policy (W⊕X) and address space layout randomization (ASLR) are typically used in combination. The former separates data and code, while the latter randomizes the layout of a process. In this paper we present a new attack to bypass W⊕X and ASLR. The state-of-the-art attack against this combination of protections is based on brute-force, while ours is based on the leakage of sensitive information about the memory layout of the process. Using our attack an attacker can exploit the majority of programs vulnerable to stack-based buffer overflows surgically, i.e., in a single attempt. We have estimated
Giampaolo Fresi Roglia, Lorenzo Martignoni, Robert
Added 18 May 2010
Updated 18 May 2010
Type Conference
Year 2009
Where ACSAC
Authors Giampaolo Fresi Roglia, Lorenzo Martignoni, Roberto Paleari, Danilo Bruschi
Comments (0)