Article

Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization

Authors:

Kevin Z. Snow,

Fabian Monrose,

Lucas Davi,

Alexandra Dmitrienko,

Christopher Liebchen,

Ahmad-Reza SadeghiAuthors Info & Claims

SP '13: Proceedings of the 2013 IEEE Symposium on Security and Privacy

Pages 574 - 588

https://doi.org/10.1109/SP.2013.45

Published: 19 May 2013 Publication History

Abstract

Fine-grained address space layout randomization (ASLR) has recently been proposed as a method of efficiently mitigating runtime attacks. In this paper, we introduce the design and implementation of a framework based on a novel attack strategy, dubbed just-in-time code reuse, that undermines the benefits of fine-grained ASLR. Specifically, we derail the assumptions embodied in fine-grained ASLR by exploiting the ability to repeatedly abuse a memory disclosure to map an application's memory layout on-the-fly, dynamically discover API functions and gadgets, and JIT-compile a target program using those gadgets -- all within a script environment at the time an exploit is launched. We demonstrate the power of our framework by using it in conjunction with a real-world exploit against Internet Explorer, and also provide extensive evaluations that demonstrate the practicality of just-in-time code reuse attacks. Our findings suggest that fine-grained ASLR may not be as promising as first thought.

Cited By

View all

Louka ADionysiou AAthanasopoulos E(2024)Validating Memory Safety in Rust BinariesProceedings of the 17th European Workshop on Systems Security10.1145/3642974.3652281(8-14)Online publication date: 22-Apr-2024
https://dl.acm.org/doi/10.1145/3642974.3652281
Ahmed SLiljestrand HJamjoom HHicks MAsokan NYao DCalandrino JTroncoso C(2023)Not all data are created equalProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620318(1433-1450)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620318
Yagemann CChung SSaltaformaggio BLee WCalandrino JTroncoso C(2023)PUMMProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620284(823-840)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620284
Show More Cited By

Recommendations

Kernel Protection Against Just-In-Time Code Reuse

The abundance of memory corruption and disclosure vulnerabilities in kernel code necessitates the deployment of hardening techniques to prevent privilege escalation attacks. As stricter memory isolation mechanisms between the kernel and user space ...
Code-reuse attacks: new frontiers and defenses
Building Secure Defenses Against Code-Reuse Attacks

Comments

Information & Contributors

Information

Published In

SP '13: Proceedings of the 2013 IEEE Symposium on Security and Privacy

May 2013

571 pages

ISBN:9780769549774

Publisher

IEEE Computer Society

United States

Publication History

Published: 19 May 2013

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

151
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 15 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Louka ADionysiou AAthanasopoulos E(2024)Validating Memory Safety in Rust BinariesProceedings of the 17th European Workshop on Systems Security10.1145/3642974.3652281(8-14)Online publication date: 22-Apr-2024
https://dl.acm.org/doi/10.1145/3642974.3652281
Ahmed SLiljestrand HJamjoom HHicks MAsokan NYao DCalandrino JTroncoso C(2023)Not all data are created equalProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620318(1433-1450)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620318
Yagemann CChung SSaltaformaggio BLee WCalandrino JTroncoso C(2023)PUMMProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620284(823-840)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620284
Sah PHicks M(2023)Hitchhiker's Guide to Secure Checkpointing on Energy-Harvesting SystemsProceedings of the 11th International Workshop on Energy Harvesting & Energy-Neutral Sensing Systems10.1145/3628353.3628542(8-15)Online publication date: 12-Nov-2023
https://dl.acm.org/doi/10.1145/3628353.3628542
Bauman EDuan JHamlen KLin Z(2023)Renewable Just-In-Time Control-Flow IntegrityProceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3607199.3607239(580-594)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3607199.3607239
Zeng KLin ZLu KXing XWang RDoupé AShoshitaishvili YBao TMeng WJensen CCremers CKirda E(2023)RetSpill: Igniting User-Controlled Data to Burn Away Linux Kernel ProtectionsProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623220(3093-3107)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3623220
Porter CKhan SPande SAamodt TJerger NSwift M(2023)Decker: Attack Surface Reduction via On-Demand Code MappingProceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 210.1145/3575693.3575734(192-206)Online publication date: 27-Jan-2023
https://dl.acm.org/doi/10.1145/3575693.3575734
Berlakovich FBrunthaler SFedorova ANarayanan DDi Luna GQuerzoni L(2023)R2C: AOCR-Resilient Diversity with Reactive and Reflective CamouflageProceedings of the Eighteenth European Conference on Computer Systems10.1145/3552326.3587439(488-504)Online publication date: 8-May-2023
https://dl.acm.org/doi/10.1145/3552326.3587439
Mustafa NSolihin Y(2023)Persistent Memory Security Threats to Interprocess IsolationIEEE Micro10.1109/MM.2023.326493843:5(16-23)Online publication date: 10-Apr-2023
https://dl.acm.org/doi/10.1109/MM.2023.3264938
Makhdoom IAbolhasan MFranklin DLipman JZimmermann CPiccardi MShariati N(2023)Detecting compromised IoT devicesComputers and Security10.1016/j.cose.2023.103384132:COnline publication date: 1-Sep-2023
https://dl.acm.org/doi/10.1016/j.cose.2023.103384
Show More Cited By

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

Cited By

Recommendations

Kernel Protection Against Just-In-Time Code Reuse

Code-reuse attacks: new frontiers and defenses

Building Secure Defenses Against Code-Reuse Attacks

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Get Access

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations