ECU Libraries Catalog

The continuing arms race : code-reuse attacks and defenses / Per Larsen, Ahmad-Reza Sadeghi.

Author/creator Larsen, Per, 1980- author.
Other author/creatorSadeghi, Ahmad-Reza, author.
Format Electronic and Book
EditionFirst edition.
Publication Info [New York] : Association for Computing Machinery ; [San Rafael, California] : Morgan & Claypool, 2018.
Description1 online resource (xiii, 288 pages) : illustrations.
Supplemental Content Ebook Central
Subject(s)
Series ACM books, 2374-6777 ; #18
ACM books #18. ^A1287316
Contents 1. How memory safety violations enable exploitation of programs / Mathias Payer -- 1.1 Memory safety -- 1.2 Data integrity -- 1.3 Confidentiality -- 1.4 Data-flow and control-flow integrity -- 1.5 Policy enforcement -- 1.6 An adversary's toolkit -- 1.7 Conclusion
Contents 2. Protecting dynamic code / Gang Tan, Ben Niu -- 2.1 Overview of challenges and solutions -- 2.2 Type-based CFG generation -- 2.3 Handling dynamically linked libraries -- 2.4 Handling just-in-time compiled code -- 2.5 Related work -- 2.6 Conclusion
Contents 3. Diversity and information leaks / Stephen Crane, Andrei Homescu, Per Larsen, Hamed Okhravi, Michael Franz -- 3.1 Software diversity -- 3.2 Information leakage -- 3.3 Mitigating information leakage -- 3.4 Address oblivious code reuse -- 3.5 Countering address-oblivious code reuse -- 3.6 Evaluation of code-pointer authentication -- 3.7 Conclusion
Contents 4. Code-pointer integrity / Volodymyr Kuznetzov, Laszlo Szekeres, Mathias Payer, George Candea, R. Sekar, Dawn Song -- 4.1 Introduction -- 4.2 Related work -- 4.3 Threat model -- 4.4 Design -- 4.5 The formal model of CPI -- 4.6 Implementation -- 4.7 Evaluation -- 4.8 Conclusion
Contents 5. Evaluating control-flow restricting defenses / Enes Goktas, Elias Athanasopoulos, Herbert Bos, Georgios Portokalidis -- 5.1 Introduction -- 5.2 Control-flow restricting defenses -- 5.3 Security analysis -- 5.4 Quantifying gadget availability in CFR -- 5.5 Proof-of-concept exploit against CFR -- 5.6 Summary
Contents 6. Attacking dynamic code / Felix Schuster, Thorsten Holz -- 6.1 Goals and attacker model -- 6.2 Counterfeit object-oriented programming -- 6.3 Loopless counterfeit object-oriented programming -- 6.4 A framework for counterfeit object-oriented programming -- 6.5 Proof-of-concept exploits -- 6.6 Discussion -- 6.7 Security assessment of existing defenses -- 6.8 Conclusion
Contents 7. Hardware control flow integrity / Yier Jin, Dean Sullivan, Orlando Arias, Ahmad-Reza Sadeghi, Lucas Davi -- 7.1 Introduction -- 7.2 Threat model and assumptions -- 7.3 Requirements -- 7.4 Modeling CFI -- 7.5 Constructing a precise stateful CFI policy -- 7.6 Hardware-enhanced CFI: design and implementation -- 7.7 Security evaluation -- 7.8 Performance evaluation -- 7.9 Related work -- 7.10 Conclusion
Contents 8. Multi-variant execution environments / Bart Coppens, Bjorn De Sutter, Stijn Volckaert -- 8.1 General design of an MVEE -- 8.2 Implementation of GHUMVEE -- 8.3 Inconsistencies and false positive detections -- 8.4 Comprehensive protection against code-reuse attacks -- 8.5 Relaxed monitoring -- 8.6 Evaluation -- 8.7 Conclusion -- References -- Contributor biographies.
Summary As human activities moved to the digital domain, so did all the well-known malicious behaviors including fraud, theft, and other trickery. There is no silver bullet, and each security threat calls for a specific answer. One specific threat is that applications accept malformed inputs, and in many cases it is possible to craft inputs that let an intruder take full control over the target computer system. The nature of systems programming languages lies at the heart of the problem. Rather than rewriting decades of well-tested functionality, this book examines ways to live with the (programming) sins of the past while shoring up security in the most efficient manner possible. We explore a range of different options, each making significant progress towards securing legacy programs from malicious inputs. The solutions explored include enforcement-type defenses, which excludes certain program executions because they never arise during normal operation. Another strand explores the idea of presenting adversaries with a moving target that unpredictably changes its attack surface thanks to randomization. We also cover tandem execution ideas where the compromise of one executing clone causes it to diverge from another thus revealing adversarial activities. The main purpose of this book is to provide readers with some of the most influential works on run-time exploits and defenses. We hope that the material in this book will inspire readers and generate new ideas and paradigms.
General noteTitle from PDF title page (viewed on March 30, 2018).
Bibliography noteIncludes bibliographical references (pages 261-281).
Issued in other formPrint version: 9781970001839 9781970001808
Genre/formElectronic books.
ISBN9781970001815 (ebook)
ISBN197000181X (ebook)
ISBN(ePub)
ISBN(paperback)
ISBN(hardcover)
Standard identifier# 10.1145/3129743

Available Items

Availability data is currently unavailable.