Protecting Against Address Space Layout Randomization (ASLR) Compromises and Return-to-Libc Attacks Using Network Intrusion Detection Systems

DAY, David and ZHAO, Zhengxu (2011). Protecting Against Address Space Layout Randomization (ASLR) Compromises and Return-to-Libc Attacks Using Network Intrusion Detection Systems. International Journal of Automation and Computing, 8 (4), 472-483. [Article]

Documents
5233:6683
[thumbnail of [IJAC-2010-04-048]+Protecting+Against+Address+Space+Layout+Randomization+(ASLR)+Compromises+and+Return-to-Libc+Attacks+Using+Network+Intrusion+Detection+Systems.pdf]
Preview
PDF
[IJAC-2010-04-048]+Protecting+Against+Address+Space+Layout+Randomization+(ASLR)+Compromises+and+Return-to-Libc+Attacks+Using+Network+Intrusion+Detection+Systems.pdf - Accepted Version

Download (946kB) | Preview
Abstract
Writable XOR eXecutable (W XOR X) and Address Space Layout Randomisation (ASLR), have elevated the understanding necessary to perpetrate buffer overflow exploits [1]. However, they have not proved to be a panacea [1] [2] [3] and so other mechanisms such as stack guards and prelinking have been introduced. In this paper we show that host based protection still does not offer a complete solution. To demonstrate, we perform an over the network brute force return-to-libc attack against a pre-forking concurrent server to gain remote access to W XOR X and ASLR. We then demonstrate that deploying a NIDS with appropriate signatures can detect this attack efficiently.
More Information
Statistics

Downloads

Downloads per month over past year

Metrics

Altmetric Badge

Dimensions Badge

Share
Add to AnyAdd to TwitterAdd to FacebookAdd to LinkedinAdd to PinterestAdd to Email

Actions (login required)

View Item View Item