DWARF FRANKENSTEIN IS STILL INYOUR MEMORY: TINY CODE REUSE ATTACKS

Q: How can I download an article?

To download an article from SID, first log in to the site, search for the article title, and click on the 'Download Article' option.

Q: How can I download an ISI article?

To download an ISI article on SID, enter the keyword or article title in the search bar, view the relevant results, click on the desired article, and select the 'Download Article' option.

Q: How can I access the SID database?

To access the SID database, visit SID.ir, create an account, and log in to access scientific resources.

Q: Is downloading articles from SID free?

Some articles on SID are available for free, while others require payment. Details are specified on the article's page.

SADEGHI ALI AKBAR; AMINMANSOUR FARZANE; SHAHRIARI HAMID REZA

مرکز اطلاعات علمی Scientific Information Database (SID) - Trusted Source for Research and Academic Resources

Journal Paper

Paper Information

Journal: THE ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY Year:2017 | Volume:9 | Issue:1 Page(s): 53-72

Download Full-Text

Persian Verion

View:

390

Download:

114

Cites:

Information Journal Paper

Title

DWARF FRANKENSTEIN IS STILL INYOUR MEMORY: TINY CODE REUSE ATTACKS

Author(s)

SADEGHI ALI AKBAR | AMINMANSOUR FARZANE | SHAHRIARI HAMID REZA | Issue Writer Certificate

Keywords

SOFTWARE SECURITYQ1

CODE REUSE ATTACKSQ1

JUMP ORIENTED PROGRAMMINGQ1

TINY JOPQ1

KERNEL TRAPPER GADGETQ1

Abstract

Code reuse attacks such as return oriented programming and JUMP ORIENTED PROGRAMMING are the most popular exploitation methods among attackers. A large number of practical and non-practical defenses are proposed that di er in their overhead, the source code requirement, detection rate and implementation dependencies. However, a usual aspect among these methods is consideration of the common behaviour of CODE REUSE ATTACKS, which is the construction of a gadget chain. Therefore, the implication of a gadget and the minimum size of an attack chain are a matter of controversy. Conservative or relaxed thresholds may cause false positive and false negative alarms, respectively.The main contribution of this paper is to provide a tricky aspect of code reuse techniques, called tiny CODE REUSE ATTACKS (Tiny-CRA) that demonstrates the ine ectiveness of the threshold based detection methods. We show that with bare minimum assumptions, Tiny-CRA can reduce the size of a gadget chain in shuch a way that no distinction can be detected between normal behaviour of a program and a code-reuse execution. To do so, we exhibit our Tiny-CRA primitives and introduce a useful gadget set available in \libc. We demonstrate the e ectiveness of our approach by implementing nine di erent shell-codes and exploiting real-world bu er overow vulnerability in HT Editor 2.0.20.

Cites

No record.

References

No record.

Cite

APA: Copy

SADEGHI, ALI AKBAR, AMINMANSOUR, FARZANE, & SHAHRIARI, HAMID REZA. (2017). DWARF FRANKENSTEIN IS STILL INYOUR MEMORY: TINY CODE REUSE ATTACKS. THE ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 9(1 ), 53-72. SID. https://sid.ir/paper/241784/en

Vancouver: Copy

SADEGHI ALI AKBAR, AMINMANSOUR FARZANE, SHAHRIARI HAMID REZA. DWARF FRANKENSTEIN IS STILL INYOUR MEMORY: TINY CODE REUSE ATTACKS. THE ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY[Internet]. 2017;9(1 ):53-72. Available from: https://sid.ir/paper/241784/en

IEEE: Copy

ALI AKBAR SADEGHI, FARZANE AMINMANSOUR, and HAMID REZA SHAHRIARI, “DWARF FRANKENSTEIN IS STILL INYOUR MEMORY: TINY CODE REUSE ATTACKS,” THE ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY, vol. 9, no. 1 , pp. 53–72, 2017, [Online]. Available: https://sid.ir/paper/241784/en

Related Journal Papers