Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization

Provided by: University of North Alabama
Topic: Security
Format: PDF
Fine-grained Address Space Layout Randomization (ASLR) has recently been proposed as a method of efficiently mitigating runtime attacks. In this paper, the authors introduce the design and implementation of a framework based on a novel attack strategy, dubbed just-in-time code reuse, that undermines the benefits of fine-grained ASLR. Specifically, they derail the assumptions embodied in fine-grained ASLR by exploiting the ability to repeatedly abuse a memory disclosure to map an application's memory layout on the fly, dynamically discover API functions and gadgets, and JIT-compile a target program using those gadgets, all within a script environment at the time an exploit is launched.