Full Disclosure mailing list archives
PAPER: Security Mitigations for Return-Oriented Programming Attacks
From: "Piotr Bania" <bania.piotr () gmail com>
Date: Mon, 23 Aug 2010 07:29:42 +0200
ABSTRACT With the discovery of new exploit techniques, new protection mechanisms are needed as well. Mitigations like DEP (Data Execution Prevention) or ASLR (Address Space Layout Randomization) created a significantly more difficult environment for vulnerability exploitation. Attackers, however, have recently developed new exploitation methods which are capable of bypassing the operating system's security protection mechanisms. In this paper we present a short summary of novel and known mitigation techniques against return-oriented programming (ROP) attacks. The techniques described in this article are related mostly to x86-32 processors and Microsoft Windows operating systems. PAPER LINK: http://kryptoslogic.com/download/ROP_Whitepaper.pdf MIRROR LINK: http://piotrbania.com/all/articles/pbania_rop_mitigations2010.pdf best regards, pb -- -------------------------------------------------------------------- Piotr Bania - <bania.piotr () gmail com> - 0xCD, 0x19 Fingerprint: 413E 51C7 912E 3D4E A62A BFA4 1FF6 689F BE43 AC33 http://www.piotrbania.com - Key ID: 0xBE43AC33 -------------------------------------------------------------------- - "The more I learn about men, the more I love dogs." _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- PAPER: Security Mitigations for Return-Oriented Programming Attacks Piotr Bania (Aug 22)