Sciweavers

CCS
2015
ACM

It's a TRaP: Table Randomization and Protection against Function-Reuse Attacks

7 years 11 months ago
It's a TRaP: Table Randomization and Protection against Function-Reuse Attacks
Code-reuse attacks continue to evolve and remain a severe threat to modern software. Recent research has proposed a variety of defenses with differing security, efficiency, and practicality characteristics. Whereas the majority of these solutions focus on specific code-reuse attack variants such as return-oriented programming (ROP), other attack variants that reuse whole functions, such as the classic return-into-libc, have received much less attention. Mitigating function-level code reuse is highly challenging because one needs to distinguish a legitimate call to a function from an illegitimate one. In fact, the recent counterfeit object-oriented programming (COOP) attack demonstrated that the majority of code-reuse defenses can be bypassed by reusing dynamically bound functions, i.e., functions that are accessed through global offset tables and virtual function tables, respectively. In this paper, we first significantly improve and simplify the COOP attack. Based on a strong ad...
Stephen J. Crane, Stijn Volckaert, Felix Schuster,
Added 17 Apr 2016
Updated 17 Apr 2016
Type Journal
Year 2015
Where CCS
Authors Stephen J. Crane, Stijn Volckaert, Felix Schuster, Christopher Liebchen, Per Larsen, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz, Bjorn De Sutter, Michael Franz
Comments (0)