Protecting Against Address Space Layout Randomisation (ASLR) Compromises and Return-to-Libc Attacks Using Network Intrusion Detection Systems
Abstract
Writable XOR executable (W⊕X) and address space layout randomisation (ASLR) have raised the level of understanding needed to perpetrate buffer overflow exploits [1]. However, they have not proved to be a panacea [1-3], and so other mechanisms, such as stack guards and prelinking, have been introduced. In this paper, we show that host-based protection still does not offer a complete solution. To demonstrate the inadequacies of this protection, we perform an over-the-network brute-force return-to-libc attack against a preforking concurrent server to gain remote access to a shell. The attack defeats host protection, including W⊕X and ASLR. We then demonstrate that deploying a network intrusion detection system (NIDS) with appropriate signatures can detect this attack efficiently.