Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks / S. Cristalli, M. Pagnozzi, M. Graziano, A. Lanzi, D. Balzarotti - In: Proceedings of the 25th USENIX Security Symposium (USENIX Security) [s.l] : Usenix, 2016 Aug. - ISBN 9781931971324. - pp. 431-466 (Paper presented at the 25th USENIX Security Symposium, held in Austin in 2016.)

Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks

S. Cristalli; A. Lanzi
2016

Abstract

Spraying is a common payload delivery technique used by attackers to execute arbitrary code in presence of Address Space Layout Randomisation (ASLR). In this paper we present Graffiti, an efficient hypervisor-based memory analysis framework for the detection and prevention of spraying attacks. Compared with previous solutions, our system is the first to offer an efficient, complete, extensible, and OS independent protection against all spraying techniques known to date. We developed a prototype open source framework based on our approach, and we thoroughly evaluated it against all known variations of spraying attacks on two operating systems: Linux and Microsoft Windows. Our tool can be applied out of the box to protect any application, and its overhead can be tuned according to the application behavior and to the desired level of protection.
Sector INF/01 - Computer Science
Aug-2016
Book Part (author)

Use this identifier to cite or link to this document: https://hdl.handle.net/2434/457311