Please use this identifier to cite or link to this item:
https://scholarbank.nus.edu.sg/handle/10635/124230
| Title: | SYSTEMATIC METHODS FOR MEMORY ERROR DETECTION AND EXPLOITATION | Authors: | HU HONG | Keywords: | Memory Error, Systematic Detection, Exploit Generation, Data-Oriented Attacks, Data-Flow Stitching, Data-Oriented Programming | Issue Date: | 22-Jan-2016 | Citation: | HU HONG (2016-01-22). SYSTEMATIC METHODS FOR MEMORY ERROR DETECTION AND EXPLOITATION. ScholarBank@NUS Repository. | Abstract: | Memory errors are persistent threats to computer systems. Memory error exploits have resulted in severe damage in real-world programs. At the same time, exploit mechanisms are rapidly evolving to bypass known protections. To prevent the damage, we need to detect them in advance and predict their evolving trend. In this thesis, we propose three novel solutions to systematically detect memory errors and explore new exploits. First, we detect memory errors shown in the privilege-based isolation, where the unexpected memory access can cross isolated partitions. Then we look into new exploit mechanisms in the data space. We propose data-flow stitching, a novel method to connect disjoint data flows for severe attacks. Data-flow stitching significantly enlarges the capability of data-oriented attacks. Finally, we explore the expressiveness of data-oriented attacks. We propose data-oriented programming (DOP), which selectively stitches basic data-flow gadgets for a desired purpose. With DOP, we build Turing-complete data-oriented attacks. | URI: | http://scholarbank.nus.edu.sg/handle/10635/124230 |
| Appears in Collections: | Ph.D Theses (Open) |
Show full item record
Files in This Item:
| File | Description | Size | Format | Access Settings | Version | |
|---|---|---|---|---|---|---|
| HuHong.pdf | 1.3 MB | Adobe PDF | OPEN | None | View/Download |
Google ScholarTM
Check
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.