Exploit Prevention, Quo Vadis?

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10547)

Abstract

Exploits are advanced threats that take advantage of vulnerabilities in IT infrastructures. The technology behind exploits has changed considerably over the years. Several significant protections have been introduced (e.g. Data Execution Prevention, the Enhanced Mitigation Experience Toolkit), but attackers have so far found effective ways to bypass every one of them. This study summarizes the main software vulnerability exploitation methods together with the corresponding protections. Furthermore, it analyzes the capabilities and the predicted future of software exploitation in the light of the new protection technologies.
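The abstract's claim that a protection such as Data Execution Prevention was followed by bypasses is easiest to see in code. The following is an added example written for this page, not code from the paper or its authors: a toy C model in which an unbounded copy into a fixed-size field overwrites an adjacent callback pointer with the address of code that already exists in the process (the code-reuse principle behind return-to-libc and ROP), placed beside a bounded copy that closes the bug. The `session` struct, the function names and the payload layout are all constructed for illustration and assume a conventional C ABI where a function pointer fits in a `uintptr_t`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed toy model: an object holding a fixed-size name followed by a
 * callback pointer, plus a copy routine with no bound check.  Overflowing
 * `name` overwrites `on_done`; when the callback fires, control goes wherever
 * the attacker wrote.  No injected code is ever executed: the payload only
 * points at code already present in the process (`privileged_action` stands
 * in for system() or a ROP gadget), which is why a non-executable stack or
 * heap on its own does not stop this class of attack.
 */
struct session {
    char name[16];
    void (*on_done)(struct session *);
};

static int privileged_calls;  /* how often the attacker-chosen target ran */

static void normal_action(struct session *s) { (void)s; }

/* Legitimate code the attacker wants to reach without injecting anything. */
static void privileged_action(struct session *s) { (void)s; privileged_calls++; }

/* Vulnerable: copies `len` bytes into a 16-byte field with no bound check.
 * noinline plus a byte loop through a volatile pointer keeps the optimizer
 * (and _FORTIFY_SOURCE, which only wraps memcpy/strcpy) from hiding the bug. */
__attribute__((noinline))
static void set_name_vulnerable(struct session *s, const unsigned char *src, size_t len)
{
    volatile unsigned char *dst = (volatile unsigned char *)s->name;
    for (size_t i = 0; i < len; i++)
        dst[i] = src[i];
}

/* Hardened: truncates to the field size and NUL-terminates.
 * Returns 1 if the whole input fitted, 0 if it had to be truncated. */
static int set_name_hardened(struct session *s, const unsigned char *src, size_t len)
{
    size_t max = sizeof s->name - 1;
    size_t n = len < max ? len : max;
    memcpy(s->name, src, n);
    s->name[n] = '\0';
    return len <= max;
}

/* Attacker input: filler up to the callback, then the target's address in
 * native byte order.  Returns the payload length (24 bytes on 64-bit). */
static size_t build_payload(unsigned char *out, void (*target)(struct session *))
{
    size_t off = offsetof(struct session, on_done);
    uintptr_t addr = (uintptr_t)target;   /* assumes pointer fits uintptr_t */
    memset(out, 'A', off);
    memcpy(out + off, &addr, sizeof addr);
    return off + sizeof addr;
}

/* Returns how many times privileged_action ran: 1 means control flow was
 * hijacked purely by reusing existing code, with nothing executable injected. */
int run_vulnerable(void)
{
    struct session s = { "", normal_action };
    unsigned char payload[64];
    size_t n = build_payload(payload, privileged_action);
    privileged_calls = 0;
    set_name_vulnerable(&s, payload, n);
    s.on_done(&s);
    return privileged_calls;
}

/* Same payload against the bounded copy: the callback is never touched. */
int run_hardened(void)
{
    struct session s = { "", normal_action };
    unsigned char payload[64];
    size_t n = build_payload(payload, privileged_action);
    privileged_calls = 0;
    set_name_hardened(&s, payload, n);
    s.on_done(&s);
    return privileged_calls;
}

int main(void)
{
    printf("vulnerable copy: privileged_action ran %d time(s)\n", run_vulnerable());
    printf("hardened copy:   privileged_action ran %d time(s)\n", run_hardened());
    return 0;
}
```

Because the payload carries only an address, marking the stack and heap non-executable does nothing against it; that gap is what later mitigations such as address-space randomization and control-flow integrity were introduced to close, and the bounded copy shows that removing the memory-safety bug at its source is what actually ends the cycle.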



Author information

Corresponding author

Correspondence to László Erdődi.


Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Erdődi, L., Jøsang, A. (2017). Exploit Prevention, Quo Vadis? In: Livraga, G., Mitchell, C. (eds) Security and Trust Management. STM 2017. Lecture Notes in Computer Science, vol 10547. Springer, Cham. https://doi.org/10.1007/978-3-319-68063-7_12

  • DOI: https://doi.org/10.1007/978-3-319-68063-7_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-68062-0

  • Online ISBN: 978-3-319-68063-7

  • eBook Packages: Computer Science (R0)
