NDLI: Losing Control: On the Effectiveness of Control-Flow Integrity under Stack Attacks

Please wait, while we are loading the content...

From Mental Poker to Core Business: Why and How to Deploy Secure Computation Protocols?

Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice

Cracking App Isolation on Apple: Unauthorized Cross-App Resource Access on MAC OS~X and iOS

Seeing through Network-Protocol Obfuscation

Automated Analysis and Synthesis of Authenticated Encryption Schemes

GUITAR: Piecing Together Android App GUIs from Memory Images

Monte Carlo Strength Evaluation: Fast and Reliable Password Checking

How to Use Bitcoin to Play Decentralized Poker

It's a TRaP: Table Randomization and Protection against Function-Reuse Attacks

Location-restricted Services Access Control Leveraging Pinpoint Waveforming

Defeating IMSI Catchers

Static Detection of Packet Injection Vulnerabilities: A Case for Identifying Attacker-controlled Implicit Information Leaks

UCognito: Private Browsing without Tears

Efficient Genome-Wide, Privacy-Preserving Similar Patient Query based on Private Edit Distance

Towards Automatic Generation of Security-Centric Descriptions for Android Apps

A Search Engine Backed by Internet-Wide Scanning

Fast Garbling of Circuits Under Standard Assumptions

FlowWatcher: Defending against Data Disclosure Vulnerabilities in Web Applications

Inference Attacks on Property-Preserving Encrypted Databases

Nonoutsourceable Scratch-Off Puzzles to Discourage Bitcoin Mining Coalitions

Symbolic Execution of Obfuscated Code

Face/Off: Preventing Privacy Leakage From Photos in Social Networks

Practicing Oblivious Access on Cloud Storage: the Gap, the Fallacy, and the New Way Forward

Control Jujutsu: On the Weaknesses of Fine-Grained Control Flow Integrity

SEDA: Scalable Embedded Device Attestation

Falcon Codes: Fast, Authenticated LT Codes (Or: Making Rapid Tornadoes Unstoppable)

Drops for Stuff: An Analysis of Reshipping Mule Scams

Equivalence-based Security for Querying Encrypted Databases: Theory and Application to Privacy Policy Audits

On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 v1.5 Encryption

From System Services Freezing to System Server Shutdown in Android: All You Need Is a Loop in an App

Differential Privacy with Bounded Priors: Reconciling Utility and Privacy in Genome-Wide Association Studies

Group Signatures with Probabilistic Revocation: A Computationally-Scalable Approach for Providing Privacy-Preserving Authentication

The Clock is Still Ticking: Timing Attacks in the Modern Web

Mass-surveillance without the State: Strongly Undetectable Algorithm-Substitution Attacks

IntegriDB: Verifiable SQL for Outsourced Databases

Maneuvering Around Clouds: Bypassing Cloud-based Security Providers

Observing and Preventing Leakage in MapReduce

DEMO: Action Recommendation for Cyber Resilience

Fraud Detection through Graph-Based User Behavior Modeling

Workshop Summary of AISec'15: 2015 Workshop on Artificial Intelligent and Security

Ciphertext-only Cryptanalysis on Hardened Mifare Classic Cards

iRiS: Vetting Private API Abuse in iOS Applications

CacheBrowser: Bypassing Chinese Censorship without Proxies Using Cached Content

Leakage-Resilient Authentication and Encryption from Symmetric Cryptographic Primitives

WebCapsule: Towards a Lightweight Forensic Engine for Web Browsers

Surpass: System-initiated User-replaceable Passwords

Micropayments for Decentralized Currencies

Heisenbyte: Thwarting Memory Disclosure Attacks using Destructive Code Reads

SafeDSA: Safeguard Dynamic Spectrum Access against Fake Secondary Users

DEMOS-2: Scalable E2E Verifiable Elections without Random Oracles

Unearthing Stealthy Program Attacks Buried in Extremely Long Execution Paths

Security by Any Other Name: On the Effectiveness of Provider Based Email Security

GRECS: Graph Encryption for Approximate Shortest Distance Queries

AUTOREB: Automatically Understanding the Review-to-Behavior Fidelity in Android Applications

Sunlight: Fine-grained Targeting Detection at Scale with Statistical Confidence

Blazing Fast 2PC in the Offline/Online Setting with Security for Malicious Adversaries

Detecting and Exploiting Second Order Denial-of-Service Vulnerabilities in Web Applications

Frequency-Hiding Order-Preserving Encryption

Tampering with the Delivery of Blocks and Transactions in Bitcoin

CoDisasm: Medium Scale Concatic Disassembly of Self-Modifying Binaries with Overlapping Instructions

CrowdTarget: Target-based Detection of Crowdturfing in Online Social Networks

Circuit ORAM: On Tightness of the Goldreich-Ostrovsky Lower Bound

Per-Input Control-Flow Integrity

TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens

Fast Non-Malleable Commitments

Android Root and its Providers: A Double-Edged Sword

Automated Symbolic Proofs of Observational Equivalence

A Cryptographic Analysis of the TLS 1.3 Handshake Protocol Candidates

Hare Hunting in the Wild Android: A Study on the Threat of Hanging Attribute References

Protecting Locations with Differential Privacy under Temporal Correlations

Authenticating Privately over Public Wi-Fi Hotspots

Cross-Site Search Attacks

HORNET: High-speed Onion Routing at the Network Layer

A Domain-Specific Language for Low-Level Secure Multiparty Computation Protocols

The SICILIAN Defense: Signature-based Whitelisting of Web JavaScript

Mitigating Storage Side Channels Using Statistical Privacy Mechanisms

POSTER: Secure Chat for the Masses? User-centered Security to the Rescue

Program Analysis for Mobile Application Integrity and Privacy Enforcement

CCSW 2015: The 7th ACM Cloud Computing Security Workshop

GCM-SIV: Full Nonce Misuse-Resistant Authenticated Encryption at Under One Cycle per Byte

VCR: App-Agnostic Recovery of Photographic Evidence from Android Device Memory Images

Optimal Distributed Password Verification

Liar, Liar, Coins on Fire!: Penalizing Equivocation By Loss of Bitcoins

Timely Rerandomization for Mitigating Memory Disclosures

Insecurity of Voice Solution VoLTE in LTE Mobile Networks

Subversion-Resilient Signature Schemes

From Collision To Exploitation: Unleashing Use-After-Free Vulnerabilities in Linux Kernel

Certified PUP: Abuse in Authenticode Code Signing

Fast and Secure Three-party Computation: The Garbled Circuit Approach

Inlined Information Flow Monitoring for JavaScript

Leakage-Abuse Attacks Against Searchable Encryption

Demystifying Incentives in the Consensus Computer

LOOP: Logic-Oriented Opaque Predicate Detection in Obfuscated Binary Code

Exploiting Temporal Dynamics in Sybil Defenses

Constant Communication ORAM with Small Blocksize

Practical Context-Sensitive CFI

Trusted Display on Untrusted Commodity Platforms

White-Box Cryptography Revisited: Space-Hard Ciphers

An Empirical Study of Web Vulnerability Discovery Ecosystems

Automated Proofs of Pairing-Based Cryptography

Deniable Key Exchanges for Secure Messaging

Perplexed Messengers from the Cloud: Automated Security Analysis of Push-Messaging Integrations

Privacy-Preserving Deep Learning

SPRESSO: A Secure, Privacy-Respecting Single Sign-On System for the Web

The Spy in the Sandbox: Practical Cache Attacks in JavaScript and their Implications

CARONTE: Detecting Location Leaks for Deanonymizing Tor Hidden Services

Automated Synthesis of Optimized Circuits for Secure Computation

Seeing Your Face Is Not Enough: An Inertial Sensor-Based Liveness Detection for Face Authentication

Nomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration

POSTER: In the Net of the Spider: Measuring the Anonymity-Impact of Network-level Adversaries Against Tor

Introduction to Cryptocurrencies

First Workshop on Cyber-Physical Systems Security and PrivaCy (CPS-SPC): Challenges and Research Directions

Traitor Deterring Schemes: Using Bitcoin as Collateral for Digital Content

ASLR-Guard: Stopping Address Space Leakage for Code Reuse Attacks

Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations

Walls Have Ears! Opportunistically Communicating Secret Messages Over the Wiretap Channel: from Theory to Practice

VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits

A Multi-Modal Neuro-Physiological Study of Phishing Detection and Malware Warnings

Provisions: Privacy-preserving Proofs of Solvency for Bitcoin Exchanges

MalGene: Automatic Extraction of Malware Analysis Evasion Signature

Where's Wally?: Precise User Discovery Attacks in Location Proximity Services

Secure Deduplication of Encrypted Data without Additional Independent Servers

CCFI: Cryptographically Enforced Control Flow Integrity

PyCRA: Physical Challenge-Response Authentication For Active Sensors Under Spoofing Attacks

Lattice Basis Reduction Attack against Physically Unclonable Functions

The Dropper Effect: Insights into Malware Distribution with Downloader Graph Analytics

Moat: Verifying Confidentiality of Enclave Programs

TOPAS: 2-Pass Key Exchange with Full Perfect Forward Secrecy and Optimal Communication Complexity

When Good Becomes Evil: Keystroke Inference with Smartwatch

Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures

Automating Fast and Secure Translations from Type-I to Type-III Pairing Schemes

From Facepalm to Brain Bender: Exploring Client-Side Cross-Site Scripting

(Un)linkable Pseudonyms for Governmental Databases

Using Linearly-Homomorphic Encryption to Evaluate Degree-2 Functions on Encrypted Data

Thwarting Memory Disclosure with Efficient Hypervisor-enforced Intra-domain Isolation

POSTER: Towards Compiler-Assisted Taint Tracking on the Android Runtime (ART)

MIST 2015: 7th International Workshop on Managing Insider Security Threats

Transparent Data Deduplication in the Cloud

Losing Control: On the Effectiveness of Control-Flow Integrity under Stack Attacks

Clean Application Compartmentalization with SOAAP

POSTER: iPKI: Identity-based Private Key Infrastructure for Securing BGP Protocol

MTD 2015: Second ACM Workshop on Moving Target Defense

POSTER: Mobile Device Identification by Leveraging Built-in Capacitive Signature

SafeConfig 2015: Workshop on Automated Decision Making for Active Cyber Defense

POSTER: Implementing and Testing a Novel Chaotic Cryptosystem for Use in Small Satellites

SPSM 2015: 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices

POSTER: A Password-based Authentication by Splitting Roles of User Interface

Fifth International Workshop on Trustworthy Embedded Devices (TrustED 2015)

POSTER: Page Table Manipulation Attack

WISCS'15: The 2nd ACM Workshop on Information Sharing and Collaborative Security

POSTER: Toward Energy-Wasting Misbehavior Detection Platform with Privacy Preservation in Building Energy Use

WPES 2015: The 14th Workshop on Privacy in the Electronic Society

POSTER: A Hardware Fingerprint Using GPU Core Frequency Variations

POSTER: The Popular Apps in Your Pocket Are Leaking Your Privacy

POSTER: PatchGen: Towards Automated Patch Detection and Generation for 1-Day Vulnerabilities

POSTER: Using Unit Testing to Detect Sanitization Flaws

POSTER: PsychoRithm: A Framework for Studying How Human Traits Affect User Response to Security Situations

POSTER: Dynamic Labelling for Analyzing Security Protocols

POSTER: Computations on Encrypted Data in the Internet of Things Applications

POSTER: Detecting Malicious Web Pages based on Structural Similarity of Redirection Chains

POSTER: WinOver Enterprise Dark Data

POSTER: A Logic Based Network Forensics Model for Evidence Analysis

POSTER: OFX: Enabling OpenFlow Extensions for Switch-Level Security Applications

POSTER: Blackboard-Based Electronic Warfare System

POSTER: PRINCESS: A Secure Cloud File Storage System for Managing Data with Hierarchical Levels of Sensitivity

POSTER: Pseudonymizing Client as a Privacy-Preserving Service: A Case Study of CDN

POSTER: biTheft: Stealing Your Secrets by Bidirectional Covert Channel Communication with Zero-Permission Android Application

POSTER: Lightweight Streaming Authenticated Data Structures

Losing Control: On the Effectiveness of Control-Flow Integrity under Stack Attacks

Content Provider	ACM Digital Library
Author	Larsen, Per Conti, Mauro Davi, Lucas Liebchen, Christopher Sadeghi, Ahmad-Reza Crane, Stephen Franz, Michael Qunaibit, Mohaned Negro, Marco
Abstract	Adversaries exploit memory corruption vulnerabilities to hijack a program's control flow and gain arbitrary code execution. One promising mitigation, control-flow integrity (CFI), has been the subject of extensive research in the past decade. One of the core findings is that adversaries can construct Turing-complete code-reuse attacks against coarse-grained CFI policies because they admit control flows that are not part of the original program. This insight led the research community to focus on fine-grained CFI implementations. In this paper we show how to exploit heap-based vulnerabilities to control the stack contents including security-critical values used to validate control-flow transfers. Our investigation shows that although program analysis and compiler-based mitigations reduce stack-based vulnerabilities, stack-based memory corruption remains an open problem. Using the Chromium web browser we demonstrate real-world attacks against various CFI implementations: 1)~against CFI implementations under Windows 32-bit by exploiting unprotected context switches, and 2)~against state-of-the-art fine-grained CFI implementations (IFCC and VTV) in the two premier open-source compilers under Unix-like operating systems. Both 32 and 64-bit x86 CFI checks are vulnerable to stack manipulation. Finally, we provide an exploit technique against the latest shadow stack implementation.
Starting Page	952
Ending Page	963
Page Count	12
File Format	PDF
ISBN	9781450338325
DOI	10.1145/2810103.2813671
Language	English
Publisher	Association for Computing Machinery (ACM)
Publisher Date	2015-10-12
Publisher Place	New York
Access Restriction	Subscribed
Subject Keyword	Control-flow integrity Stack corruption Code-reuse attacks
Content Type	Text
Resource Type	Article

Central Library (ISO-9001:2015 Certified)
Indian Institute of Technology Kharagpur
Kharagpur, West Bengal, India | PIN - 721302

See location in the Map
03222 282435
Mail: support@ndl.gov.in

Sl.	Authority	Responsibilities	Communication Details
1	Ministry of Education (GoI), Department of Higher Education	Sanctioning Authority	https://www.education.gov.in/ict-initiatives
2	Indian Institute of Technology Kharagpur	Host Institute of the Project: The host institute of the project is responsible for providing infrastructure support and hosting the project	https://www.iitkgp.ac.in
3	National Digital Library of India Office, Indian Institute of Technology Kharagpur	The administrative and infrastructural headquarters of the project	Dr. B. Sutradhar bsutra@ndl.gov.in
4	Project PI / Joint PI	Principal Investigator and Joint Principal Investigators of the project	Dr. B. Sutradhar bsutra@ndl.gov.in Prof. Saswat Chakrabarti will be added soon
5	Website/Portal (Helpdesk)	Queries regarding NDLI and its services	support@ndl.gov.in
6	Contents and Copyright Issues	Queries related to content curation and copyright issues	content@ndl.gov.in
7	National Digital Library of India Club (NDLI Club)	Queries related to NDLI Club formation, support, user awareness program, seminar/symposium, collaboration, social media, promotion, and outreach	clubsupport@ndl.gov.in
8	Digital Preservation Centre (DPC)	Assistance with digitizing and archiving copyright-free printed books	dpc@ndl.gov.in
9	IDR Setup or Support	Queries related to establishment and support of Institutional Digital Repository (IDR) and IDR workshops	idr@ndl.gov.in