The Dynamics of Innocent Flesh on the Bone
Author: | Xi Chen, Manolis Stamatogiannakis, Victor van der Veen, Herbert Bos, Cristiano Giuffrida, Dennis Andriesse |
---|---|
Contributors: | Computer Systems, Network Institute, Systems and Network Security |
Year of publication: | 2017 |
Subject: | Computer science; Computer security; Code reuse; Return-oriented programming; Exploit; Subroutine; Binary code; Static analysis; Taint checking; Simple (philosophy); computer.software_genre; 02 engineering and technology; 0211 other engineering and technologies; 021110 strategic defence & security studies; 03 medical and health sciences; 0301 basic medicine; 030104 developmental biology; SDG 16 - Peace, Justice and Strong Institutions |
Source: | Veen, V. V., Andriesse, D., Stamatogiannakis, M., Chen, X., Bos, H. & Giuffrida, C. 2017, "The dynamics of innocent flesh on the bone: Code reuse ten years later", in CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, vol. Part F131467, Association for Computing Machinery, pp. 1675-1689. 24th ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, United States, 30/10/17. https://doi.org/10.1145/3133956.3134026 |
DOI: | 10.1145/3133956.3134026 |
Description: | In 2007, Shacham published a seminal paper on Return-Oriented Programming (ROP), the first systematic formulation of code reuse. The paper has been highly influential, profoundly shaping the way we still think about code reuse today: an attacker analyzes the "geometry" of victim binary code to locate gadgets and chains these to craft an exploit. This model has spurred much research, with a rapid progression of increasingly sophisticated code reuse attacks and defenses over time. After ten years, the common perception is that state-of-the-art code reuse defenses are effective in significantly raising the bar and making attacks exceedingly hard. In this paper, we challenge this perception and show that an attacker going beyond "geometry" (static analysis) and considering the "dynamics" (dynamic analysis) of a victim program can easily find function call gadgets even in the presence of state-of-the-art code-reuse defenses. To support our claims, we present Newton, a run-time gadget-discovery framework based on constraint-driven dynamic taint analysis. Newton can model a broad range of defenses by mapping their properties into simple, stackable, reusable constraints, and automatically generate gadgets that comply with these constraints. Using Newton, we systematically map and compare state-of-the-art defenses, demonstrating that even simple interactions with popular server programs are adequate for finding gadgets for all state-of-the-art code-reuse defenses. We conclude with an nginx case study, which shows that a Newton-enabled attacker can craft attacks which comply with the restrictions of advanced defenses, such as CPI and context-sensitive CFI. |
Database: | OpenAIRE |
External link: |