We provide a systematic overview of sanitizers with an emphasis on their role in finding security issues.
To appear in SP 2019,
In this paper, we first significantly improve and simplify the COOP attack. Based on a strong adversarial model, we then present the design and implementation of a comprehensive code-reuse defense which is resilient against reuse of dynamically-bound functions.
In this paper we show how to exploit heap-based vulnerabilities to control the stack contents including security-critical values used to validate control-flow transfers. Our investigation shows that although program analysis and compiler-based mitigations reduce stack-based vulnerabilities, stack-based memory corruption remains an open problem.
In this paper, we address the deficiencies of existing solutions and present the first practical, fine-grained code randomization defense, called Readactor, resilient to both static and dynamic ROP attacks.
We show that an attacker can accurately identify protected code pointers of interest and mount code-reuse attacks at the abstraction level of pointers without requiring any knowledge of code addresses. We analyze the prevalence of opportunities for such attacks in popular code bases and build three real-world exploits against Nginx and Apache to demonstrate their practicality.
Opaque CFI (O-CFI) is the first exploit mitigation technique that resists this latest wave of attacks against fine-grained code randomization. By combining fine-grained code-randomization with coarse-grained integrity checks, it conceals the graph of hijackable control-flow edges even from attackers who can view the complete stack, heap, and binary code of the victim process.
In this paper, we systematically study the state-of-the-art in software diversity and highlight fundamental trade-offs between fully automated approaches.
We use profile-guided optimization to reduce the performance overhead of software diversity. The primary insight is that we are free to diversify cold code, but restrict our diversification efforts in hot code.