Statistical Measurement of Production Environment Influence on Code Reuse Availability

Étienne Louboutin 1, 2, 3 Jean-Christophe Bach 1, 2 Fabien Dagnat 1, 2
2 Lab-STICC_IMTA_CACS_MOCS
Lab-STICC - Laboratoire des sciences et techniques de l'information, de la communication et de la connaissance
Abstract : Return-oriented-programming is widely used for software exploits, and ten years after its academic description, little to no protection is deployed most of the time. Performance trade-offs or insufficient protection often results in no protection deployment. Address space layout randomisation is a basic protection that just increases the complexity of writing attacks but does not prevent code-reuse exploits. Its overhead is negligible enough to justify its deployment. These protections come after software development, and are implemented in the compiler or via binary modification. Usually, each binary is either critical and protected or not critical and not protected. This decision results from a usage criterion, like gzip, or if it exposes network interfaces, like apache. In this paper, we go through multiple views to expose elements that make it possible to compare binaries with respect to their available code-reuse components. We look at these elements to underline what part of the production process of a binary can increase or decrease its quantitative inclusion of code reuse components. With this evaluation, we expose certain disparities introduced by production tools, by the language used to write applications or even because of the targeted platform. We also show how hardware architectures affect this statistical measurement.
Complete list of metadatas

Cited literature [19 references]  Display  Hide  Download

https://hal.archives-ouvertes.fr/hal-02354761
Contributor : Jean-Christophe Bach <>
Submitted on : Thursday, November 7, 2019 - 9:47:30 PM
Last modification on : Sunday, November 10, 2019 - 1:20:59 AM

File

Statistical_measurement_of_pro...
Files produced by the author(s)

Identifiers

  • HAL Id : hal-02354761, version 1

Citation

Étienne Louboutin, Jean-Christophe Bach, Fabien Dagnat. Statistical Measurement of Production Environment Influence on Code Reuse Availability. SECURWARE, Oct 2019, Nice, France. ⟨hal-02354761⟩

Share

Metrics

Record views

23

Files downloads

2