ROPMEMU: A Framework for the Analysis of Complex Code-Reuse Attacks Mariano Graziano, Davide Balzarotti, Alain Zidouemba Cisco Systems, Inc. Eurecom AsiaCCS 2016 -‐ Xi’an, China CODE INJECTIONS CODE INJECTIONS Attackers load or inject malicious code (or modify the existing one) CODE REUSE - ROP CODE REUSE - ROP MOTIVATIONS ‣ HW and OS countermeasures force ROP adoption MOTIVATIONS ‣ HW and OS countermeasures force ROP adoption ‣ Vogl et al. [NDSS 2014] — Persistent ROP rootkit ‣ ROP as an obfuscation technique adopted by malware ‣ All existing tools cope with injected code ‣ Lack of RE tools to analyze/dissect/decompile ROP CHALLENGES CHALLENGES [C1] Verbosity CHALLENGES [C1] Verbosity [C2] Lack of immediate values

Mariano Graziano, Davide Balzarotti, Alain Zidouemba Cisco Systems, Inc. Eurecom Asia PDF

31 Pages

2016

2.05 MB

English

Checking for file health...

Preview Mariano Graziano, Davide Balzarotti, Alain Zidouemba Cisco Systems, Inc. Eurecom Asia

ROPMEMU: A Framework for the Analysis of Complex Code-Reuse Attacks Mariano Graziano, Davide Balzarotti, Alain Zidouemba Cisco Systems, Inc. Eurecom AsiaCCS 2016 -‐ Xi’an, China CODE INJECTIONS CODE INJECTIONS Attackers load or inject malicious code (or modify the existing one) CODE REUSE - ROP CODE REUSE - ROP MOTIVATIONS ‣ HW and OS countermeasures force ROP adoption MOTIVATIONS ‣ HW and OS countermeasures force ROP adoption ‣ Vogl et al. [NDSS 2014] — Persistent ROP rootkit ‣ ROP as an obfuscation technique adopted by malware ‣ All existing tools cope with injected code ‣ Lack of RE tools to analyze/dissect/decompile ROP CHALLENGES CHALLENGES [C1] Verbosity CHALLENGES [C1] Verbosity [C2] Lack of immediate values

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.