Protecting Against Address Space Layout Randomization (ASLR) Compromises and Return-to-Libc Attacks Using Network Intrusion Detection Systems

Tools

DAY, David and ZHAO, Zhengxu (2011). Protecting Against Address Space Layout Randomization (ASLR) Compromises and Return-to-Libc Attacks Using Network Intrusion Detection Systems. International Journal of Automation and Computing, 8 (4), 472-483. [Article]

[+][-]

Documents

5233:6683

[+][-]

5233:6683

[thumbnail of [IJAC-2010-04-048]+Protecting+Against+Address+Space+Layout+Randomization+(ASLR)+Compromises+and+Return-to-Libc+Attacks+Using+Network+Intrusion+Detection+Systems.pdf]

Preview

PDF
[IJAC-2010-04-048]+Protecting+Against+Address+Space+Layout+Randomization+(ASLR)+Compromises+and+Return-to-Libc+Attacks+Using+Network+Intrusion+Detection+Systems.pdf - Accepted Version

Download (946kB) | Preview

Abstract

Writable XOR eXecutable (W XOR X) and Address Space Layout Randomisation (ASLR), have elevated the understanding necessary to perpetrate buffer overflow exploits [1]. However, they have not proved to be a panacea [1] [2] [3] and so other mechanisms such as stack guards and prelinking have been introduced. In this paper we show that host based protection still does not offer a complete solution. To demonstrate, we perform an over the network brute force return-to-libc attack against a pre-forking concurrent server to gain remote access to W XOR X and ASLR. We then demonstrate that deploying a NIDS with appropriate signatures can detect this attack efficiently.

More Information

Official URL:

http://www.ijac.net:8080/Jwk_ijac/EN/abstract/abst...

Research Institute, Centre or Group - Does NOT include content added after October 2018:

Cultural Communication and Computing Research Institute > Communication and Computing Research Centre

Departments - Does NOT include content added after October 2018:

Faculty of Science, Technology and Arts > Department of Computing

Page Range:

472-483

Identifiers

Identification Number:

10.1007/s11633-011-0606-0