Protecting Against Address Space Layout Randomization (ASLR) Compromises and Return-to-Libc Attacks Using Network Intrusion Detection Systems

DAY, David and ZHAO, Zhengxu (2011). Protecting Against Address Space Layout Randomization (ASLR) Compromises and Return-to-Libc Attacks Using Network Intrusion Detection Systems. International Journal of Automation and Computing, 8 (4), 472-483.

[img]
Preview
PDF - Accepted Version
Download (924kB) | Preview
    Official URL: http://www.ijac.net:8080/Jwk_ijac/EN/abstract/abst...
    Link to published version:: 10.1007/s11633-011-0606-0

    Abstract

    Writable XOR eXecutable (W XOR X) and Address Space Layout Randomisation (ASLR), have elevated the understanding necessary to perpetrate buffer overflow exploits [1]. However, they have not proved to be a panacea [1] [2] [3] and so other mechanisms such as stack guards and prelinking have been introduced. In this paper we show that host based protection still does not offer a complete solution. To demonstrate, we perform an over the network brute force return-to-libc attack against a pre-forking concurrent server to gain remote access to W XOR X and ASLR. We then demonstrate that deploying a NIDS with appropriate signatures can detect this attack efficiently.

    Item Type: Article
    Research Institute, Centre or Group: Cultural Communication and Computing Research Institute > Communication and Computing Research Centre
    Identification Number: 10.1007/s11633-011-0606-0
    Depositing User: David Day
    Date Deposited: 30 May 2012 17:46
    Last Modified: 01 Aug 2013 12:07
    URI: http://shura.shu.ac.uk/id/eprint/5233

    Actions (login required)

    View Item

    Downloads

    Downloads per month over past year

    View more statistics