Analysis of return oriented programming and countermeasures
Author(s)
Soderstrom, Eric K
Other Contributors
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science.
Advisor
Martin Rinard and Hamed Okhravi.
Abstract
Introduction: Attackers have had relative success in defeating modern defensive techniques by using an exploitation method known as "code reuse." This class of exploitation techniques makes use of the lack of memory safety in C, which allows an attacker to redirect a program's control flow to pre-existing snippets of code. Code reuse attacks have historically been a powerful and ubiquitous exploitation technique [2]. Even as recently as 2014 there has been an outbreak of these code reuse attacks, targeting such applications as Adobe, Internet Explorer, and Firefox 15]. Many defensive countermeasures have been taken by the security community, ranging from data execution prevention to varying degrees of code randomization. This thesis can roughly be broken into two halves: 1. Show how code reuse attacks can leverage timing information in order to break many existing defenses. 2. Investigate how control flow integrity can be improved upon as a countermeasure to code reuse attacks ...
Description
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2014. Missing pages 3 and 4 (abstract). Cataloged from student-submitted PDF version of thesis. Includes bibliographical references (pages 63-65).
Date issued
2014
Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Publisher
Massachusetts Institute of Technology
Keywords
Electrical Engineering and Computer Science.