Software for Protection Against Code Reuse Attackers
- 总结
- Researchers at Purdue University have developed technology to defend software code from code-reuse attacks. This technology randomizes the internal structure of the executable code by randomly shuffling the function blocks in the target binary. This tool, called Marlin, implements a fine grained randomization based approach by modifying the layout of the executable code, thereby hindering code-reuse attack. Subsequently, the attacker is blocked from necessary knowledge of instruction addresses for code-reuse attacks. This technology can be applied to any ELF binary and every execution of it uses a different randomization.
- 技术优势
- Prevents code-reuse attacks, on software codeRandomizes the internal structure of code by using different randomizations for each execution
- 技术应用
- SoftwareCybersecurity
- 详细技术说明
- Elisa BertinoDatabase and Information Security GroupCyber CenterCERIASPurdue Computer Science
- *Abstract
-
- *Background
- Code reuse attacks, such as return-oriented programming, are a class of buffer overflow attacks that repurpose existing executable code towards malicious purposes. These attacks bypass defenses by chaining sequences of instructions or "gadgets" together, which rely on the knowledge of memory layout of the executable code to execute the desired attack logic.
- *IP Issue Date
- None
- *IP Type
- Other Patent
- *Stage of Development
- Process Validation in Lab
- *Web Links
- Purdue Office of Technology CommercializationPurdueInnovation and EntrepreneurshipElisa BertinoDatabase and Information Security GroupCyber CenterCERIASPurdue Computer Science
- 国家
- United States
- 申请号码
- None
- 国家/地区
- 美国
欲了解更多信息,请点击 这里
