Abstract
Exploits are advanced threats that take advantage of vulnerabilities in IT infrastructures. The technological background of exploits has changed over the years. Several significant protections have been introduced (e.g. Data Execution Prevention, Enhanced Mitigation Experience Toolkit, etc.), but attackers have always found effective ways to bypass any protection. This study summarizes the main software vulnerability exploitation methods and the protections against them. Furthermore, the study analyzes the capabilities and the predicted future of software exploitation in the light of the new protection technologies.
© 2017 Springer International Publishing AG
Cite this paper
Erdődi, L., Jøsang, A. (2017). Exploit Prevention, Quo Vadis?. In: Livraga, G., Mitchell, C. (eds) Security and Trust Management. STM 2017. Lecture Notes in Computer Science(), vol 10547. Springer, Cham. https://doi.org/10.1007/978-3-319-68063-7_12
DOI: https://doi.org/10.1007/978-3-319-68063-7_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-68062-0
Online ISBN: 978-3-319-68063-7
eBook Packages: Computer Science, Computer Science (R0)