Abstract
Data-oriented attacks manipulate non-control data to alter a program’s benign behavior without violating its control-flow integrity. It has been shown that such attacks can cause significant damage even in the presence of control-flow defense mechanisms. However, these threats have not been adequately addressed. In this survey article, we first map data-oriented exploits, including Data-Oriented Programming (DOP) and Block-Oriented Programming (BOP) attacks, to their assumptions/requirements and attack capabilities. Then, we compare known defenses against these attacks, in terms of approach, detection capabilities, overhead, and compatibility. It is generally believed that control flows may not be useful for data-oriented security. However, data-oriented attacks (especially DOP attacks) may generate side effects on control-flow behaviors in multiple dimensions (i.e., incompatible branch behaviors and frequency anomalies). We also characterize control-flow anomalies caused by data-oriented attacks. In the end, we discuss challenges for building deployable data-oriented defenses and open research questions.
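The two control-flow side effects named above (incompatible branch behaviors and frequency anomalies) can be checked against a baseline of benign branch traces. The script below is an added illustration, not code from the survey or from any surveyed system: it learns which basic-block edges occur, how often per run, and which edges occur together, from constructed traces of a hypothetical request handler, then flags a data-only privilege-flag corruption and a DOP-style loop whose every edge is still CFG-valid. Block labels, traces and the slack factor are assumptions.

```python
"""Flag control-flow side effects of data-oriented attacks in branch traces.

Added example (not from the survey). A trace is the sequence of basic-block
labels one run executed; the benign traces, block names and slack factor are
constructed assumptions for a hypothetical request handler.
"""
from collections import Counter
from itertools import combinations
from typing import FrozenSet, List, Set, Tuple

Edge = Tuple[str, str]   # (source block, target block): one taken branch
Trace = List[str]        # basic-block labels in execution order

# Constructed benign runs: 'parse' loops a few times, 'auth' picks a user or
# guest path, and only authenticated users ever reach the admin handler.
BENIGN_TRACES: List[Trace] = [
    ["entry", "read", "parse", "parse", "auth", "as_user", "dispatch", "h_get", "reply", "exit"],
    ["entry", "read", "parse", "parse", "parse", "auth", "as_user", "dispatch", "h_admin", "reply", "exit"],
    ["entry", "read", "parse", "auth", "as_guest", "dispatch", "h_get", "reply", "exit"],
    ["entry", "read", "parse", "parse", "auth", "as_guest", "dispatch", "h_get", "reply", "exit"],
]


def edges_of(trace: Trace) -> List[Edge]:
    """Turn a block sequence into the list of branches (edges) it took."""
    return list(zip(trace, trace[1:]))


class BranchModel:
    """Baseline of benign branch behaviour: which edges occur, how often per
    run, and which edges are seen together within the same run."""

    def __init__(self, traces: List[Trace], slack: float = 2.0) -> None:
        self.slack = slack                          # tolerated multiple of the benign peak
        self.edges: Set[Edge] = set()
        self.max_count: Counter = Counter()         # peak per-run count of each edge
        self.cooccur: Set[FrozenSet[Edge]] = set()  # edge pairs seen in one run
        for t in traces:
            counts = Counter(edges_of(t))
            self.edges.update(counts)
            for e, n in counts.items():
                self.max_count[e] = max(self.max_count[e], n)
            for a, b in combinations(sorted(counts), 2):
                self.cooccur.add(frozenset((a, b)))

    def check(self, trace: Trace) -> List[Tuple[str, object]]:
        """Return (kind, detail) findings for one trace.

        unseen-edge : a branch never taken in benign runs (what CFI would catch)
        frequency   : a known edge taken far more often than in any benign run
        incompatible: two known edges that never occur in the same benign run
        """
        findings: List[Tuple[str, object]] = []
        counts = Counter(edges_of(trace))
        for e, n in counts.items():
            if e not in self.edges:
                findings.append(("unseen-edge", e))
            elif n > self.slack * self.max_count[e]:
                findings.append(("frequency", (e, n)))
        known = [e for e in counts if e in self.edges]
        for a, b in combinations(sorted(known), 2):
            if frozenset((a, b)) not in self.cooccur:
                findings.append(("incompatible", (a, b)))
        return findings


MODEL = BranchModel(BENIGN_TRACES)

# Constructed attack traces. Every edge in both exists in the benign edge set,
# so neither violates control-flow integrity; only the branch pattern is off.
FLAG_FLIP_TRACE: Trace = [  # corrupted privilege flag sends a guest to h_admin
    "entry", "read", "parse", "parse", "auth", "as_guest", "dispatch", "h_admin", "reply", "exit",
]
DOP_LOOP_TRACE: Trace = (  # parse loop driven 40 times as a gadget dispatcher
    ["entry", "read"] + ["parse"] * 40 + ["auth", "as_guest", "dispatch", "h_get", "reply", "exit"]
)

if __name__ == "__main__":
    for name, t in [("flag-flip", FLAG_FLIP_TRACE), ("dop-loop", DOP_LOOP_TRACE)]:
        for kind, detail in MODEL.check(t):
            print(f"{name}: {kind} {detail}")
```

The flag-flip trace yields only "incompatible" findings (guest-path edges paired with admin-handler edges) and the DOP loop yields only a "frequency" finding on the parse self-edge, which is the distinction the survey draws between data-oriented side effects and outright control-flow violations.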
Exploitation Techniques for Data-oriented Attacks with Existing and Potential Defense Approaches