M. Abadi, M. Budiu, Ú. Erlingsson, and J. Ligatti. Control-flow integrity principles, implementations, and applications. ACM Transactions on Information System Security
, 13:4:1–4:40, 2009.Google Scholar
A. Avizienis and L. Chen. On the implementation of n-version programming for software fault tolerance during execution. In Proceedings of the International Computer Software and Applications Conference, pages 149–155, 1977.
Aleph One. Smashing the stack for fun and profit. Phrack Magazine, Issue 49, 1996.
Internet Explorer “Aurora” Attack, 2010. (CVE-2010-0249).
E.G. Barrantes, D.H. Ackley, S. Forrest, and D. Stefanović. Randomized Instruction Set Emulation. ACM Transactions on Information and System Security
, 8(1):3–40, 2005.Google Scholar
D. Bruschi, L. Cavallaro, and A. Lanzi. Diversified process replicae for defeating memory error exploits. In Proceedings of the International Workshop on Information Assurance, pages 434–441, 2007.
S. Bhatkar, D.C. DuVarney, and R. Sekar. Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits. In Proceedings of the 12th USENIX Security Symposium, pages 105–120, 2003.
T. Bletsch, X. Jiang, and V. Freeh. Mitigating code-reuse attacks with control-flow locking. In Proceedings of the 27th Annual Computer Security Applications Conference, pages 353–362. ACM, 2011.
T. Bletsch, X. Jiang, V. Freeh, and Z. Liang. Jump-oriented programming: a new class of code-reuse attack. In Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pages 30–40, 2011.
E. Buchanan, R. Roemer, H. Shacham, and S. Savage. When good instructions go bad: generalizing return-oriented programming to RISC. In Proceedings of the 15th ACM Conference on Computer and Communications Security, pages 27–38, 2008.
S. Checkoway, L. Davi, A. Dmitrienko, A. Sadeghi, H. Shacham, and M. Winandy. Return-Oriented Programming without Returns. In Proceedings of the 17th ACM Conference on Computer and Communications Security, pages 559–72, 2010.
B. Cox, D. Evans, A. Filipi, J. Rowanhill, W. Hu, J. Davidson, J. Knight, A. Nguyen-Tuong, and J. Hiser. N-variant systems: A Secretless Framework for Security through Diversity. In Proceedings of the 15th USENIX Security Symposium, pages 105–120, 2006.
C. Cowan, C. Pu, D. Maier, J. Walpole, P. Bakke, D. Beattie, A. Grier, P. Wagle, Q. Zhang, and H. Hinton. StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks. In Proceedings of the 7th USENIX Security Symposium, pages 63–78, 1998.
P. Chen, X. Xing, H. Han, B. Mao, and L. Xie. Efficient Detection of the Return-oriented Programming Malicious Code. In Proceedings of the 6th International Conference on Information Systems Security, pages 140–155, 2010.
M. Franz. E unibus pluram: Massive-Scale Software Diversity as a Defense Mechanism. In Proceedings of the 2010 Workshop on New Security Paradigms, NSPW ’10, pages 7–16, New York, NY, USA, 2010. ACM.
Jin Han, Debin Gao, and Robert H. Deng. On the effectiveness of software diversity: A systematic study on real-world vulnerabilities. In Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pages 127–146, 2009.
R. Hund, T. Holz, and F.C. Freiling. Return-oriented rootkits: Bypassing kernel code integrity protection mechanisms. In Proceedings of the 18th USENIX Security Symposium, pages 383–398, 2009.
Intel Corporation. Intel 64 and IA-32 architectures optimization reference manual.
M. Jacob, M. Jakubowski, P. Naldurg, C. Saw, and R. Venkatesan. The superdiversifier: Peephole individualization for software protection. In K. Matsuura and E. Fujisaki, editors, Advances in Information and Computer Security, volume 5312 of Lecture Notes in Computer Science, pages 100–120. Springer Berlin / Heidelberg, 2008.
Todd Jackson, Babak Salamat, Andrei Homescu, Karthikeyan Manivannan, Gregor Wagner, Andreas Gal, Stefan Brunthaler, Christian Wimmer, and Michael Franz. Compiler-generated software diversity. In Sushil Jajodia, Anup K. Ghosh, Vipin Swarup, Cliff Wang, and X. Sean Wang, editors, Moving Target Defense, volume 54 of Advances in Information Security, pages 77–98. Springer New York, 2011.
G.S. Kc, A.D. Keromytis, and V. Prevelakis. Countering Code-Injection Attacks with Instruction-Set Randomization. In Proceedings of the 10th ACM Conference on Computer and Communications Security, pages 272–280, 2003.
S. Krahmer. x86-64 buffer overflow exploits and the borrowed code chunks exploitation techniques. 2005. http://www.suse.de/~krahmer/no-nx.pdf
Richard C. Linger. Systematic generation of stochastic diversity as an intrusion barrier in survivable systems software. In Proceedings of the Thirty-Second Annual Hawaii International Conference on System Sciences, pages 3062–, 1999.
H. Massalin. Superoptimizer: a look at the smallest program. In Proceedings of the Second International Conference on Architectual Support for Programming Languages and Operating Systems, pages 122–126, 1987.
S. McCamant and G. Morrisett. Evaluating SFI for a CISC architecture. In Proceedings of the 15th USENIX Security Symposium, pages 209–224, 2006.
A. Matrosov, E. Rodionov, D. Harley, and J. Malcho. Stuxnet Under the Microscope, 2010. http://go.eset.com/us/resources/white-papers/Stuxnet_Under_the_Microsco%pe.pdf. Accessed 01/09/2012.
Nergal. The advanced return-into-lib(c) exploits: PaX case study. Phrack Magazine, Issue 58, 2001.
Anh Nguyen-Tuong, Andrew Wang, Jason D. Hiser, John C. Knight, and Jack W. Davidson. On the effectiveness of the metamorphic shield. In Proceedings of the Fourth European Conference on Software Architecture: Companion Volume, pages 170–174, 2010.
K. Onarlioglu, L. Bilge, A. Lanzi, D. Balzarotti, and E. Kirda. G-free: defeating return-oriented programming through gadget-less binaries. In Proceedings of the 26th Annual Computer Security Applications Conference, pages 49–58, 2010.
PaX. Homepage of The PaX Team
, 2009. http://pax.grsecurity.net
R. Roemer, E. Buchanan, H. Shacham, and S. Savage. Return-oriented programming: Systems, languages, and applications. ACM Transactions in Information and Systems Security, 2011. To appear.
E. J. Schwartz, T. Avgerinos, and D. Brumley. Q: Exploit Hardening Made Easy. In Proceedings of the 20th USENIX Security Symposium, 2011.
B. Salamat, A. Gal, and M. Franz. Reverse Stack Execution in a Multi-Variant Execution Environment. In Workshop on Compiler and Architectural Techniques for Application Reliability and Security, 2008.
H. Shacham. The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86). In Proceedings of the 14th ACM Conference on Computer and Communications Security, pages 552–561, 2007.
B. Salamat, T. Jackson, G. Wagner, C. Wimmer, and M. Franz. Run-Time Defense against Code Injection Attacks using Replicated Execution. IEEE Transactions on Dependable and Secure Computing, 2011.
P. Sole. Hanging on a ROPe. In ekoParty Security Conference
, 2010. http://www.immunitysec.com/downloads/DEPLIB20_ekoparty.pdf
scut / team teso. Exploiting Format String Vulnerabilities. 2001. http://crypto.stanford.edu/cs155/papers/formatstring-1.2.pdf
M. Tran, M. Etheridge, T. Bletsch, X. Jiang, V. W. Freeh, and P. Ning. On the Expressiveness of Return-into-libc Attacks. In Proceedings of the 14th Interntional Symposium on Recent Advances in Intrusion Detection, 2011.
D. W. Williams, W. Hu, J. W. Davidson, J. Hiser, J. C. Knight, and A. Nguyen-Tuong. Security through diversity: Leveraging virtual machine technology. IEEE Security & Privacy
, 7(1): 26–33, 2009.Google Scholar
B. Yee, D. Sehr, G. Dardyk, J. B. Chen, R. Muth, T. Ormandy, S. Okasaka, N. Narula, and N. Fullagar. Native client: A sandbox for portable, untrusted x86 native code. In IEEE Symposium on Security and Privacy, pages 79–93, 2009.