Spelling suggestions: "subject:"returnoriented programming"" "subject:"returnoriented erogramming""
1 |
RIP-ROP: uma proteção contra ataques de execução de código arbitrário baseados em Return-Oriented ProgrammingFerreira, Mateus Felipe Tymburibá 06 August 2014 (has links)
Submitted by Geyciane Santos (geyciane_thamires@hotmail.com) on 2015-06-17T15:20:30Z
No. of bitstreams: 1
Dissertação - Mateus Felipe Tymburibá Ferreira.pdf: 4435693 bytes, checksum: da80cc7a540a306b4bc52b8792ffe9e1 (MD5) / Approved for entry into archive by Divisão de Documentação/BC Biblioteca Central (ddbc@ufam.edu.br) on 2015-06-17T20:44:52Z (GMT) No. of bitstreams: 1
Dissertação - Mateus Felipe Tymburibá Ferreira.pdf: 4435693 bytes, checksum: da80cc7a540a306b4bc52b8792ffe9e1 (MD5) / Approved for entry into archive by Divisão de Documentação/BC Biblioteca Central (ddbc@ufam.edu.br) on 2015-06-17T20:45:51Z (GMT) No. of bitstreams: 1
Dissertação - Mateus Felipe Tymburibá Ferreira.pdf: 4435693 bytes, checksum: da80cc7a540a306b4bc52b8792ffe9e1 (MD5) / Made available in DSpace on 2015-06-17T20:45:51Z (GMT). No. of bitstreams: 1
Dissertação - Mateus Felipe Tymburibá Ferreira.pdf: 4435693 bytes, checksum: da80cc7a540a306b4bc52b8792ffe9e1 (MD5)
Previous issue date: 2014-08-06 / CAPES - Coordenação de Aperfeiçoamento de Pessoal de Nível Superior / ReturnOriented Programming (ROP) is the name of a technique used for the development of malicious code that has been widely used to force execution of arbitrary code on vulnerable applications. It is based on the interconnection of small fractions of code belonging to attacked processes, which allows overcoming protections widely disseminated, such as that offered by the execute bit (NX/XD). Because of its wide use in attacks against modern computing systems, protections against ROP based exploits have been widely studied. Nevertheless, it is still not known a solution capable of combining efficacy against all forms of ROP, computational efficiency and feasibility of the
employment on applications protection. In order to facilitate the understanding of these
requirements and the inherent implications for methods of protection against ROP attacks, this work offers a bibliographic survey of the state of the art about this subject. For this, we propose in this paper: (i) metrics for evaluation and comparison of protections against ROP attacks and (ii) taxonomies to classify these protections depending on blocking strategies and implementation approaches used in each solution. This dissertation also provides a new method of protection against arbitrary code execution attacks based on ROP that seeks to encompass the requirements of effectiveness, efficiency and viability. It
was demonstrated that by controlling the frequency of indirect branch instructions performed by applications it is possible to distinguish ROP attacks from authentic codes and thus prevent their consolidation. In a dynamic binary instrumentation framework, it was developed a prototype – named RIPROP – for Windows, Linux, Android and OSX environments. Experiments conducted with malicious codes available in public repositories of exploits confirmed the feasibility of the proposed model for the protection of real applications. In addition, the computational cost imposed by RIPROP is comparable and in some cases lower than that achieved by related protections. / ReturnOriented Programming (ROP) é o nome de uma técnica usada para o desenvolvimento de códigos maliciosos que vem sendo amplamente utilizada para forçar a execução de códigos arbitrários em aplicações vulneráveis. Ela baseiase na interligação de pequenas frações de código pertencentes aos próprios processos atacados, o que permite a superação de proteções largamente difundidas, como aquela oferecida pelo bit de execução (NX/XD). Em função de seu vasto emprego em investidas contra sistemas computacionais modernos, proteções contra exploits baseados em ROP têm sido extensamente estudadas. Apesar disso, ainda não se conhece uma solução capaz de aliar eficácia contra todas as modalidades de ROP, eficiência computacional e viabilidade de emprego na proteção de aplicações. Com o intuito de facilitar o entendimento desses requisitos, bem como das implicações inerentes a métodos de proteção contra
ataques ROP, este trabalho oferece um levantamento bibliográfico do estado da arte envolvendo esse tema. Para isso, são propostas neste trabalho: (i) métricas para avaliação e comparação de proteções contra ataques ROP e (ii) taxonomias para classificação dessas proteções em função das estratégias de bloqueio e das abordagens de implementação utilizadas em cada solução. Esta dissertação provê ainda um novo método de proteção contra ataques de execução de código arbitrário baseados em ROP que busca abarcar os requisitos de eficácia, eficiência e viabilidade. Demonstrou-se que, através do controle da frequência de instruções de desvio indireto executadas pelas aplicações, é possível distinguir ataques ROP de códigos autênticos e, assim, evitar a sua consolidação. Em um framework de instrumentação binária dinâmica, foi desenvolvido um protótipo – denominado RIP-ROP – destinado a ambientes Windows, Linux, Android e OSX. Experimentos realizados com códigos maliciosos disponíveis em repositórios públicos de exploits confirmaram a viabilidade do modelo proposto para a proteção de aplicações reais. Além disso, o custo
computacional imposto pelo RIP-ROP é comparável e, em alguns casos, inferior àquele alcançado
por proteções correlatas.
|
2 |
Lambda Calculus for Binary Security and AnalysisStaursky, Joseph N. 30 September 2021 (has links)
No description available.
|
3 |
Defeating ROP Through Dynamically Encrypted Return AddressesWhite, Matthew L. 20 October 2014 (has links)
No description available.
|
4 |
Built-In Return-Oriented Programs in Embedded Systems and Deep Learning for Hardware Trojan DetectionWeidler, Nathanael R. 01 December 2019 (has links)
Microcontrollers and integrated circuits in general have become ubiquitous in the world today. All aspects of our lives depend on them from driving to work, to calling our friends, to checking our bank account balance. People who would do harm to individuals, corporations and nation states are aware of this and for that reason they seek to find or create and exploit vulnerabilities in integrated circuits. This dissertation contains three papers dealing with these types of vulnerabilities. The first paper talks about a vulnerability that was found on a microcontroller, which is a type of integrated circuit. The final two papers deal with hardware trojans. Hardware trojans are purposely added to the design of an integrated circuit in secret so that the manufacturer doesn’t know about it. They are used to damage the integrated circuit, leak confidential information, or in other ways alter the circuit. Hardware trojans are a major concern for anyone using integrated circuits because an attacker can alter a circuit in almost any way if they are successful in inserting one. A known method to prevent hardware trojan insertion is discussed and a type of circuit for which this method does not work is revealed. The discussion of hardware trojans is concluded with a new way to detect them before the integrated circuit is manufactured. Modern deep learning models are used to detect the portions of the hardware trojan called triggers that activate them.
|
5 |
ROP-chain generation using Genetic Programming : GENROPBranting, Jonatan January 2022 (has links)
Return Oriented Programming (ROP) is the de-facto technique used to exploit most of today’s native-code vulnerabilities hiding in old and newly developed software alike. By reusing bits and pieces of already existing code (gadgets), ROP can be used to bypass the ever-present Write ⊕ eXecute (W⊕X) security feature, which enforces memory to only be marked as either executable or writable; never both at the same time. Even with its widespread use, crafting more advanced ROP-chains is mostly left as a manual task. This paper attempts to explore the viability of automating ROP-chain generation by leveraging genetic programming (GP), and describes the implementation and design of the ROP-compiler GENROP in this endeavour. We introduce a novel approach to adapt GP to work within the environment of ROP, which attempts to guide the algorithm and preemptively remove pathways which are known ahead of time to be unable to generate a solution. GENROP is tested by attempting to generate a working payload against a number of binaries, and is then evaluated based on success rate and payload size when compared to angrop (another ROP-compiler). The results show that the algorithm is able to generate functioning payloads in most of the tested cases, although it does perform worse than angrop. This can partly be explained by the fact that GENROP uses gadget definitions generated by angrop, which reduces the potential viability of the ROP-compiler, as more unwieldy but potentially usable gadgets are not available. Additionally, it was found that extensively guiding the algorithm has negative consequences in terms of solution diversity. Relying on faster execution times and more iterations might produce better results. Further work is required to assess whether or not generating ROP-chains using genetic programming is a viable approach.
|
6 |
Multi-Architecture Binary Rewriter to Prevent ROP Arbitrary Code Execution / Multiarkitektur binär filomskrivning för att förhindra exekvering av godtycklig ROP-kodPiano, Matteo January 2017 (has links)
Despite the increasing attention to the topic of computer security, the amount of vulnerable software services is still high. The exploitation of a common vulnerability like memory management bugs brought to the development of an attack known as Return Oriented Programming (ROP). Such technique employs malicious memory injections to hijack the control flow of the targeted application and execute an arbitrary series of instructions. This thesis explores the design and implementation of a static binary rewriting tool able to instrument applications compiled for the Linux operating system in order to offer protection against ROP exploitation on x86 and ARM platforms. The instrumentation is achieved by extracting re-compilable assembler code from executable binary files which is then processed and modified. The effectiveness of such solution is tested with a selection of benchmarking utilities in order to evaluate the cost in terms of performance caused by its employment. The results obtained from these experiments show that on average the added overheads are acceptably low and, consequently, the proposed tool is a valid solution to improve the security of vulnerable applications when the original source code is not available. / Trots den ökande uppmärksamheten på ämnet datasäkerhet är mängden sårbara mjukvarutjänster fortfarande stor. Utnyttjandet av en vanlig sårbarhet som minneshanteringsfel har lett till utvecklingen av en attack som kallas Return Oriented Programming (ROP). Denna teknik utnyttjar skadliga minnesinjektioner för att ändra kontrollflödet för den riktade applikationen och utföra en godtycklig serie instruktioner. Detta exjobb undersöker utformningen och genomförandet av ett verktyg för statisk binär omskrivning som kan användas för att instrumentera applikationer för Linux-operativsystemet för att erbjuda skydd mot ROP-exploatering på x86- och ARM-plattformar. Instrumentering uppnås genom att extrahera återkompilerbar assemblerkod från exekverbara binära filer som sedan behandlas och modifieras. Effektiviteten av sådan lösning testas med ett urval av benchmarkingverktyg för att utvärdera kostnaden när det gäller prestanda som orsakas av dess användning. Resultaten från dessa experiment visar att de extra kostnaderna i genomsnitt är acceptabelt låga och, följaktligen, är det föreslagna verktyget en giltig lösning för att förbättra säkerheten för sårbara applikationer när den ursprungliga källkoden inte är tillgänglig.
|
7 |
DynaCut: A Framework for Dynamic Code CustomizationMahurkar, Abhijit 03 September 2021 (has links)
Software systems are becoming increasingly bloated to accommodate a wide array of features,
platforms and users. This results not only in wastage of memory but also in an increase
in their attack surface. Existing works broadly use binary-rewriting techniques to remove
unused code, but this results in a binary that is highly customized for a given usage context.
If the usage scenario of the binary changes, the binary has to be regenerated. We present
DYNACUT– a framework for Dynamic and Adaptive Code Customization. DYNACUT provides
the user with the capability to customize the application to changing usage scenarios at
runtime without the need for the source code. DYNACUT achieves this customization by
leveraging two techniques: 1) identifying the code to be removed by using execution traces
of the application and 2) by rewriting the process dynamically. The first technique uses
traces of the wanted features and the unwanted features of the application and generates
their diffs to identify the features to be removed. The second technique modifies the process
image to add traps and fault-handling code to remove vulnerable but unused code. DYNACUT
can also disable temporally unused code – code that is used only during the initialization
phase of the application. To demonstrate its effectiveness, we built a prototype of DYNACUT
and evaluated it on 9 real-world applications including NGINX, Lighttpd and 7 applications
of the SPEC Intspeed benchmark suite. DYNACUT removes upto 56% of executed basic blocks
and upto 10% of the application code when used to remove initialization code. The total
overhead is in the range of 1.63 seconds for Lighttpd, 4.83 seconds for NGINX and about 39
seconds for perlbench in the SPEC suite. / Master of Science / Software systems are becoming increasingly bloated to accommodate a wide array of users,
features and platforms. This results in the software not only occupying extra space on com-
puting platforms but also in an increase in the ways that the applications can be exploited
by hackers. Current works broadly use a variety of techniques to identify and remove this
type of vulnerable and unused code. But, these approaches result in a software that has
to be modified with the changing usage scenarios of the application. We present DYNACUT,
a dynamic code customization tool that can customize the application at its runtime with
a minimal overhead. We use the execution traces of the application to customize the ap-
plication according to user specifications. DYNACUT can identify code that is only used in
the initial stages of the application execution (initialization code) and remove them. DYNA-
CUT can also disable features of the application. To demonstrate its effectiveness, we built
a prototype of DYNACUT and evaluated it on 9 real-world applications including NGINX,
Lighttpd and 7 applications of the SPEC Intspeed benchmark suite. DYNACUT removes upto
56% of executed basic blocks and upto 10% of the application code when used to remove
initialization code. The total overhead is in the range of 1.63 seconds for Lighttpd, 4.83
seconds for NGINX and about 39 seconds for perlbench in the SPEC suite.
|
8 |
Practical Exploit Mitigation Design Against Code Re-Use and System Call Abuse AttacksJelesnianski, Christopher Stanislaw 09 January 2023 (has links)
Over the years, many defense techniques have been proposed by the security community. Even so, few have been adopted by the general public and deployed in production. This limited defense deployment and weak security has serious consequences, as large scale cyber-attacks are now a common occurrence in society. One major obstacle that stands in the way is practicality, the quality of being designed for actual use or having usefulness or convenience. For example, an exploit mitigation design may be considered not practical to deploy if it imposes high performance overhead, despite offering excellent and robust security guarantees. This is because achieving hallmarks of practical design, such as minimizing adverse side-effects like performance degradation or memory monopolization, is difficult in practice, especially when trying to provide a high level of security for users.
Secure and practical exploit mitigation design must successfully navigate several challenges. To illustrate, modern-day attacks, especially code re-use attacks, understand that rudimentary defenses such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) will be deployed moving forward. These attacks have therefore evolved and diversified their angles of attack to become capable of leveraging a multitude of different code components. Accordingly, the security community has uncovered these threats and maintained progress in providing possible resolutions with new exploit mitigation designs. More specifically though, defenses have had to correspondingly extend their capabilities to protect more aspects of code, leading to defense techniques becoming increasingly complex. Trouble then arises as supporting such fine-grained defenses brings inherent disadvantages such as significant hardware resource utilization that could be otherwise used for useful work. This complexity has made performance, security, and scalability all competing ideals in practical system design. At the same time, other recent efforts have implemented mechanisms with negligible performance impact, but do so at the risk of weaker security guarantees.
This dissertation first formalizes the challenges in modern exploit mitigation design. To illustrate these challenges, this dissertation presents a survey from the perspective of both attacker and defender to provide an overview of this current security landscape. This includes defining an informal taxonomy of exploit mitigation strategies, explaining prominent attack vectors that are faced by security experts today, and identifying and defining code components that are generally abused by code re-use. This dissertation then presents two practical design solutions. Both defense system designs uphold goals of achieving realistic performance, providing strong security guarantees, being robust for modern application code-bases, and being able to scale across the system at large.
The first practical exploit mitigation design this dissertation presents is MARDU. MARDU is a novel re-randomization approach that utilizes on-demand randomization and the concept of code trampolines to support sharing of code transparently system-wide. To the best of my knowledge, MARDU is the first presented re-randomization technique capable of runtime code sharing for re-randomized code system-wide. Moreover, MARDU is one of the very few re-randomization mechanisms capable of performing seamless live thread migration to newly randomized code without pausing application execution. This dissertation describes the full design, implementation, and evaluation of MARDU to demonstrate its merits and show that careful design can uphold all practical design goals. For instance, scalability is a major challenge for randomization strategies, especially because traditional OS design expects code to be placed in known locations so that it can be reached by multiple processes, while randomization is purposefully trying to achieve the opposite, being completely unpredictable. This clash in expectations between system and defense design breaks a few very important assumptions for an application's runtime environment. This forces most randomization mechanisms to abandon the hope of upholding memory deduplication. MARDU resolves this challenge by applying trampolines to securely reach functions protected under secure memory. Even with this new calling convention in place, MARDU shows re-randomization degradation can be significantly reduced without sacrificing randomization entropy. Moreover, MARDU shows it is capable of defeating prominent code re-use variants with this practical design.
This dissertation then presents its second practical exploit mitigation solution, BASTION. BASTION is a fine-grained system call filtering mechanism aimed at significantly strengthening the security surrounding system calls. Like MARDU, BASTION upholds the principles of this dissertation and was implemented with practicality in mind. BASTION's design is based on empirical observation of what a legitimate system call invocation consists of. BASTION introduces System Call Integrity to enforce the correct and intended use of system calls within a program. In order to enforce this novel security policy, BASTION proposes three new specialized contexts for the effective enforcement of legitimate system call usage. Namely, these contexts enforce that: system calls are only invoked with the correct calling convention, system calls are reached through legitimate control-flow paths, and all system call arguments are free from attacker corruption. By enforcing System Call Integrity with the previously mentioned contexts, this dissertation adds further evidence that context-sensitive defense strategies are superior to context-insensitive ones. BASTION is able to prevent over 32 real-world and synthesized exploits in its security evaluation and incurs negligible performance overhead (0.60%-2.01%). BASTION demonstrates that narrow and specialized exploit mitigation designs can be effective in more than one front, to the point that BASTION not only revents code re-use, but is capable of defending against any attack class that requires the utilization of system calls. / Doctor of Philosophy / Limited security defense deployment and weak security has serious consequences, as large scale cyber-attacks are now a common occurrence. This may be surprising since many defense techniques have been proposed; yet in reality, few have become dopted by the general public. To elaborate, designing an ideal defense that is strong security-wise but does not use any computer resources is challenging. In practice, there is no free lunch, and therefore a design must consider how to best balance security with performance in an effort to be practical for users to deploy their defense. Common tradeoffs include adverse side-effects such as slowing down user applications or imposing significant memory usage. Therefore, practical and strong defense design is important to promote integration into the next generation of computer hardware and software. By sustaining practical design, the needed jump between a proof-of-concept and implementing it on commodity computer chips is substantially smaller. A practical defense should foremost guarantee strong levels of security and should not slow down a user's applications. Ideally, a practical defense is implemented to the point it seems invisible to the user and they don't even notice it. However, balancing practicality with strong security is hard to achieve in practice.
This dissertation first reviews the current security landscape - specifically two important attack strategies are examined. First, code re-use attacks, are exactly what they sound like; code re-use essentially reuse various bits and pieces of program code to create an attack. Second, system call abuse. System calls are essential functions that ordinarily allow a user program to talk with a computer's operating system; they enable operations such as a program asking for more memory or reading and writing files. When system calls are maliciously abused, they can cause a computer to use up all its free memory or even launch an attacker-written program. This dissertation goes over how these attacks work and correspondingly explains popular defense strategies that have been proposed by the security community so far.
This dissertation then presents two defense system solutions that demonstrate how a practical defense system could be made. To that end, the full design, implementation, and evaluation of each defense system, named MARDU and BASTION, is presented. This dissertation leverages attack insights as well as compiler techniques to achieve its goal. A compiler is an essential developer tool that converts human written code into a computer program. Moreover, compilers can be used to apply additional optimizations and security hardening techniques to make a program more secure. This dissertation's first defense solution, MARDU, is a runtime randomization defense. MARDU protects programs by randomizing the location of code chunks throughout execution so that attackers cannot find the code pieces they need to create an attack. Notably, MARDU is the first randomization defense that is able to be seamlessly deployed system-wide and is backwards compatible with programs not outfitted with MARDU. This dissertation's second defense solution, BASTION, is a defense system that strictly focuses on protection of system calls in a program. As mentioned earlier, system calls are security critical functions that allow a program to talk a computer operating system. BASTION protects the entire computer by ensuring that every time a system call is called by a user program, it was rightfully requested by the program and not maliciously by an attacker. BASTION verifies this request is legitimate by confirming that the current program state meets a certain set of criteria.
|
9 |
On the (in)security of behavioral-based dynamic anti-malware techniquesErsan, Erkan 21 April 2017 (has links)
The Internet has become the primary vector for the delivery of malicious code in cyber attacks, and malware has rapidly become a pervasive critical threat. Anti- malware products offer effective protection from malware threats for servers and endpoint devices using a variety of techniques. Advanced enterprise-level anti-malware products rely on state-of-art behavioral-based detection algorithms, in addition to traditional signature-based mechanisms. These dynamic detection techniques have been around for more than a decade and in response hackers have developed methods to evade them. However, currently known bypass methods require intensive manual labor. Moreover, this manual work has to be repeated whenever a parameter of the environment (such as the payload, operating system, Antivirus version, etc) changes, making these methods impractical. This may lead to the belief that dynamic techniques provide a good deterrence, and hence good protection.
In this thesis we evaluate dynamic techniques. Specifically, we build tools to implement generic unhooking and funneling, and using these tools we show how dynamic techniques can be bypassed with considerably less effort than by fully manual methods. We also extend the repertoire of existing bypass methods and introduce a new malicious function call technique which exploits detection techniques that monitor a limited collection of critical system functions, as well as a method for bypassing guard-page protections. We demonstrate the effectiveness of all our techniques by conducting attacks against two enterprise antivirus products. Our results lead us to conclude that that dynamic techniques do not provide sufficient protection. / Graduate / 2018-02-07 / 0984 / erkanersan@gmail.com
|
Page generated in 0.1044 seconds