DAY, David and ZHAO, Zhengxu (2011). Protecting Against Address Space Layout Randomization (ASLR) Compromises and Return-to-Libc Attacks Using Network Intrusion Detection Systems. International Journal of Automation and Computing, 8 (4), 472-483.
|PDF - Accepted Version |
Download (924kB) | Preview
Writable XOR eXecutable (W XOR X) and Address Space Layout Randomisation (ASLR), have elevated the understanding necessary to perpetrate buffer overflow exploits . However, they have not proved to be a panacea    and so other mechanisms such as stack guards and prelinking have been introduced. In this paper we show that host based protection still does not offer a complete solution. To demonstrate, we perform an over the network brute force return-to-libc attack against a pre-forking concurrent server to gain remote access to W XOR X and ASLR. We then demonstrate that deploying a NIDS with appropriate signatures can detect this attack efficiently.
|Research Institute, Centre or Group:||Cultural Communication and Computing Research Institute > Communication and Computing Research Centre|
|Depositing User:||David Day|
|Date Deposited:||30 May 2012 17:46|
|Last Modified:||30 May 2012 17:46|
Actions (login required)
Downloads per month over past year