Nytro Posted March 1, 2013

[h=3]Mitigating Return-Oriented Programming Attacks and Other Exploitation Attempts via Secure API Execution[/h]

Abstract

With the discovery of new exploit techniques, new protection mechanisms are needed as well. Mitigations like DEP (Data Execution Prevention) or ASLR (Address Space Layout Randomization) created a significantly more difficult environment for vulnerability exploitation. Attackers, however, have recently developed new exploitation methods which are capable of bypassing the operating system's security protection mechanisms.

Currently Return-Oriented Programming attacks are used heavily for exploitation purposes. In order to protect against such attacks, we have developed a solution which decreases the probability of successful exploitation by the attacker. We are able to achieve this goal by estimating and limiting the places from where selected (protected) API functions can be referenced. Our solution does not require program source code and can be implemented for both user mode and kernel mode programs. Currently the prototype works on IA-32 compatible processors.

Our solution decreases the possibility of successful vulnerability exploitation without noticeable performance impact and false-positive alerts. Our work is not only limited to Return-Oriented Programming attacks. It can also harden shellcode execution and other exploitation methods as well.

Download: http://piotrbania.com/all/articles/pbania-secure-api2011.pdf