Fine-grained address space layout randomization (ASLR) has recently been proposed as a method of efficiently mitigating runtime attacks. In this paper, we introduce the design and implementation of a framework based on a novel attack strategy, dubbed just-in-time code reuse, that undermines the benefits of fine-grained ASLR. Specifically, we derail the assumptions embodied in fine-grained ASLR by exploiting the ability to repeatedly abuse a memory disclosure to map an application’s memory layout on-the-fly, dynamically discover API functions and gadgets, and JIT-compile a target program using those gadgets—all within a script environment at the time an exploit is launched. We demonstrate the power of our framework by using it in conjunction with a real-world exploit against Internet Explorer, and also provide extensive evaluations that demonstrate the practicality of just-in-time code reuse attacks. Our findings suggest that fine-grained ASLR may not be as promising as first thought.
%0 Conference Paper
%1 TUD-CS-2013-0026
%A Snow, Kevin Z.
%A Davi, Lucas
%A Dmitrienko, Alexandra
%A Liebchen, Christopher
%A Monrose, Fabian
%A Sadeghi, Ahmad-Reza
%B IEEE Symposium on Security and Privacy (S&P)
%D 2013
%K ASLR Code International-Conference-Workshop-Papers-Book-Chapters Just-in-time myown reuse
%T Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization (best student paper award)
%X Fine-grained address space layout randomization (ASLR) has recently been proposed as a method of efficiently mitigating runtime attacks. In this paper, we introduce the design and implementation of a framework based on a novel attack strategy, dubbed just-in-time code reuse, that undermines the benefits of fine-grained ASLR. Specifically, we derail the assumptions embodied in fine-grained ASLR by exploiting the ability to repeatedly abuse a memory disclosure to map an application’s memory layout on-the-fly, dynamically discover API functions and gadgets, and JIT-compile a target program using those gadgets—all within a script environment at the time an exploit is launched. We demonstrate the power of our framework by using it in conjunction with a real-world exploit against Internet Explorer, and also provide extensive evaluations that demonstrate the practicality of just-in-time code reuse attacks. Our findings suggest that fine-grained ASLR may not be as promising as first thought.
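@comment{
  Normalised from a BibSonomy export: the unescaped "&" in booktitle/venue
  breaks LaTeX ("Misplaced alignment tab"), the award annotation belongs in
  `note` rather than `title`, and the abstract now uses ASCII punctuation so
  the entry also works with classic 8-bit BibTeX. BibSonomy bookkeeping fields
  (added-at, biburl, interhash, intrahash, timestamp, pdf) are kept; standard
  styles ignore them.
}
@inproceedings{TUD-CS-2013-0026,
  author    = {Snow, Kevin Z. and Davi, Lucas and Dmitrienko, Alexandra and Liebchen, Christopher and Monrose, Fabian and Sadeghi, Ahmad-Reza},
  title     = {Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization},
  booktitle = {IEEE Symposium on Security and Privacy (S\&P)},
  venue     = {S\&P},
  month     = may,
  year      = {2013},
  note      = {Best student paper award},
  abstract  = {Fine-grained address space layout randomization (ASLR) has recently been proposed as a method of efficiently mitigating runtime attacks. In this paper, we introduce the design and implementation of a framework based on a novel attack strategy, dubbed just-in-time code reuse, that undermines the benefits of fine-grained ASLR. Specifically, we derail the assumptions embodied in fine-grained ASLR by exploiting the ability to repeatedly abuse a memory disclosure to map an application's memory layout on-the-fly, dynamically discover API functions and gadgets, and JIT-compile a target program using those gadgets---all within a script environment at the time an exploit is launched. We demonstrate the power of our framework by using it in conjunction with a real-world exploit against Internet Explorer, and also provide extensive evaluations that demonstrate the practicality of just-in-time code reuse attacks. Our findings suggest that fine-grained ASLR may not be as promising as first thought.},
  keywords  = {ASLR Code International-Conference-Workshop-Papers-Book-Chapters Just-in-time myown reuse},
  pdf       = {https://se2.informatik.uni-wuerzburg.de/publications/download/paper/1507.pdf},
  added-at  = {2020-05-03T20:09:10.000+0200},
  timestamp = {2022-12-19T23:55:39.000+0100},
  biburl    = {https://www.bibsonomy.org/bibtex/226b1325252430ba94d189e307a59437c/sssgroup},
  interhash = {ca9da5f43b625bbde43b6ab4dbe923e4},
  intrahash = {26b1325252430ba94d189e307a59437c},
}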