DocumentCode :
2897470
Title :
Launching Return-Oriented Programming Attacks against Randomized Relocatable Executables
Author :
Liu, Limin ; Han, Jin ; Gao, Debin ; Jing, Jiwu ; Zha, Daren
Author_Institution :
State Key Lab. of Inf. Security, Grad. Univ. of CAS, Beijing, China
fYear :
2011
fDate :
16-18 Nov. 2011
Firstpage :
37
Lastpage :
44
Abstract :
Since the day it was proposed, return-oriented programming has been shown to be an effective and powerful attack technique against the write or execute only (W ⊕ X) protection. However, a general belief in the previous research is that systems deployed with address space randomization where the executables are also randomized at run-time are able to defend against return-oriented programming, as the addresses of all instructions are randomized. In this paper, we show that due to the weakness of the current address space randomization technique, there are still ways of launching return-oriented programming attacks against those well-protected systems efficiently. We demonstrate and evaluate our attacks with existing typical web server applications and discuss possible methods of mitigating such threats.
Keywords :
security of data; Web server applications; randomized relocatable executables; return-oriented programming attacks; space randomization technique; Databases; Entropy; Layout; Libraries; Programming; Web servers; address space randomization; position independent executable; return-oriented programming;
fLanguage :
English
Publisher :
IEEE
Conference_Title :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2011 IEEE 10th International Conference on
Conference_Location :
Changsha
Print_ISBN :
978-1-4577-2135-9
Type :
conf
DOI :
10.1109/TrustCom.2011.9
Filename :
6120801