- Advanced Malware Detection Techniques
- Security and Verification in Computing
- Network Security and Intrusion Detection
- Software Engineering Research
- Spam and Phishing Detection
- Web Application Security Vulnerabilities
- Information and Cyber Security
- Digital and Cyber Forensics
- Diamond and Carbon-based Materials Research
- Music and Audio Processing
- Distributed systems and fault tolerance
- Opportunistic and Delay-Tolerant Networks
- Speech Recognition and Synthesis
- Bluetooth and Wireless Communication Technologies
- Cloud Data Security Solutions
- Internet Traffic Analysis and Secure E-voting
- Military Strategy and Technology
- User Authentication and Security Systems
- Software Testing and Debugging Techniques
- Smart Grid Security and Resilience
- Petri Nets in System Modeling
- Physical Unclonable Functions (PUFs) and Hardware Security
Zero Emissions Resource Organisation
2017-2021
University of North Carolina at Chapel Hill
2010-2016
Johns Hopkins University Applied Physics Laboratory
2009
Fine-grained address space layout randomization (ASLR) has recently been proposed as a method of efficiently mitigating runtime attacks. In this paper, we introduce the design and implementation of a framework based on a novel attack strategy, dubbed just-in-time code reuse, that undermines the benefits of fine-grained ASLR. Specifically, we derail the assumptions embodied in fine-grained ASLR by exploiting the ability to repeatedly abuse a memory disclosure to map an application's memory layout on-the-fly and dynamically discover API functions...
Until recently, it was widely believed that code randomization (such as fine-grained ASLR) can effectively mitigate code reuse attacks. However, a recent attack strategy, dubbed just-in-time return oriented programming (JIT-ROP), circumvents code randomization by disclosing the (randomized) content of many memory pages at runtime. In order to remedy this situation, new and improved code randomization defenses have been proposed. The contribution of this paper is twofold: first, we conduct a security analysis of a recently proposed fine-grained ASLR scheme...
In this work, we unveil new privacy threats against Voice-over-IP (VoIP) communications. Although prior work has shown that the interaction of variable bit-rate codecs and length-preserving stream ciphers leaks information, we show that the threat is more serious than previously thought. In particular, we derive approximate transcripts of encrypted VoIP conversations by segmenting an observed packet stream into subsequences representing individual phonemes and classifying those subsequences by the phonemes they encode. Drawing on insights from...
Memory disclosure vulnerabilities enable an adversary to successfully mount arbitrary code execution attacks against applications via so-called just-in-time code reuse attacks, even when those applications are fortified with fine-grained address space layout randomization. This attack paradigm requires the adversary to first read the contents of randomized application code, then construct a code reuse payload using that knowledge. In this paper, we show that the recently proposed Execute-no-Read (XnR) technique fails to prevent just-in-time code reuse attacks. Next,...
The concept of destructive code reads is a new defensive strategy that prevents code reuse attacks by coupling fine-grained address space layout randomization with a mitigation for online knowledge gathering that destroys potentially useful gadgets as they are disclosed to an adversary. The intuition is that by destroying code as it is read, an adversary is left with no usable gadgets to reuse in a control-flow hijacking attack. In this paper, we examine the security of this mitigation. We show that while it initially appeared promising, there are several unforeseen attack...
For the most part, forensic analysis of computer systems requires that one first identify suspicious objects or events, and then examine them in enough detail to form a hypothesis as to their cause and effect. Sadly, while our ability to gather vast amounts of data has improved significantly over the past two decades, it is all too often the case that we tend to lack detailed information just when we need it most. Simply put, the current state of forensics leaves much to be desired. In this paper, we attempt to improve on the state of the art by providing...
The continuous discovery of exploitable vulnerabilities in popular applications (e.g., web browsers and document viewers), along with their heightening protections against control flow hijacking, has opened the door to an often neglected attack strategy, namely, data-only attacks. In this paper, we demonstrate the practicality of the threat posed by data-only attacks that harness the power of memory disclosure vulnerabilities. To do so, we introduce memory cartography, a technique that simplifies the construction of data-only attacks in a reliable...
This paper develops an analytic technique for quantifying the risk of computer network operations (CNO) against supervisory control and data acquisition (SCADA) systems. We measure risk in terms of the extent to which an attacker can manipulate process elements, the consequences due to disruption of the controlled physical process, and the vulnerability of the SCADA system to malicious intrusion. The technique constitutes a novel application of Petri net state coverability analysis coupled with simulation. As such, this framework permits formal...
Just-in-time return-oriented programming (JIT-ROP) allows one to dynamically discover instruction pages and launch code reuse attacks, effectively bypassing most fine-grained address space layout randomization (ASLR) protection. However, in-depth questions regarding the impact of (re-)randomization on JIT-ROP attacks have not been studied. For example, how would one compute the re-randomization interval by considering the speed of gadget convergence to defeat JIT-ROP attacks? How do starting pointers in JIT-ROP attacks impact gadget availability...
Over the past decade, many innovations have been achieved with respect to improving the responsiveness of highly-trafficked servers. These innovations are fueled by a desire to support complex and data-rich web applications while consuming minimal resources. One of the chief advancements has been the emergence of the asynchronous server architecture, which is built from the ground up for scalability. While this architecture can offer a significant boost in performance over classic forking servers, it does so at the cost of abandoning memory...
The complex optimizations supported by modern compilers allow for compiler provenance recovery at many levels. For instance, it is possible to identify the compiler family and optimization level used when building a binary, as well as the individual passes applied to functions within the binary. Yet, downstream applications of provenance recovery remain unexplored. To bridge that gap, we train and evaluate a multi-label model on data collected from over 27,000 programs built using LLVM 14, and apply it to a number of security-related tasks. Our approach...
Forensic analysis of computer systems requires that one first identify suspicious objects or events, and then examine them in enough detail to form a hypothesis as to their cause and effect. Sadly, while our ability to gather vast amounts of data has improved significantly over the past two decades, it is all too often the case that we lack detailed information just when we need it most. In this paper, we attempt to improve on the state of the art by providing a forensic platform that transparently monitors and records data access events within...
Today's sophisticated web exploit kits use polymorphic techniques to obfuscate each attack instance, making content-based signatures used by network intrusion detection systems far less effective than in years past. A dynamic analysis, or honeyclient analysis, of these exploits plays a key role in initially identifying new attacks in order to generate content signatures. While honeyclients can sweep the web for attacks, they provide no means of inspecting end-user traffic on-the-wire to identify attacks in real time. This leaves...
With the growing reliance on net-centric warfare, understanding the effect of information operations (IO) on the overall mission becomes increasingly important. Traditional information assurance (IA) metrics quantify attributes of the underlying system, such as the availability, confidentiality, and integrity of critical services and data, without providing a mission-level perspective. Meanwhile, IO attacks and defenses are not typically incorporated into Air and Missile Defense (AMD) force-level analysis. There is a demonstrated need to...