Protecting against address space layout randomisation (ASLR) compromises and return-to-libc attacks using network intrusion detection systems

Bibliographic details
Published in: Machine intelligence research (Print) Volume 8; issue 4; pp. 472 - 483
Main authors: Day, David J, Zhao, Zheng-Xu
Format: Journal Article
Language: English
Published: Beijing Springer Nature B.V 01.11.2011
ISSN:2153-182X, 2153-1838
Description
Summary: Writable XOR executable (W⊕X) and address space layout randomisation (ASLR) have elevated the understanding necessary to perpetrate buffer overflow exploits[1]. However, they have not proved to be a panacea[1–3], and so other mechanisms, such as stack guards and prelinking, have been introduced. In this paper, we show that host-based protection still does not offer a complete solution. To demonstrate the protection inadequacies, we perform an over-the-network brute-force return-to-libc attack against a preforking concurrent server to gain remote access to a shell. The attack defeats host protection including W⊕X and ASLR. We then demonstrate that deploying a network intrusion detection system (NIDS) with appropriate signatures can detect this attack efficiently.
DOI:10.1007/s11633-011-0606-0