Information Leaks Without Memory Disclosures: Remote Side Channel Attacks on Diversified Code

@inproceedings{Seibert2014InformationLW,
  title={Information Leaks Without Memory Disclosures: Remote Side Channel Attacks on Diversified Code},
  author={Jeff Seibert and Hamed Okkhravi and Eric S{\"o}derstr{\"o}m},
  booktitle={ACM Conference on Computer and Communications Security},
  year={2014}
}
Code diversification has been proposed as a technique to mitigate code reuse attacks, which have recently become the predominant way for attackers to exploit memory corruption vulnerabilities. As code reuse attacks require detailed knowledge of where code is in memory, diversification techniques attempt to mitigate these attacks by randomizing what instructions are executed and where code is located in memory. As an attacker cannot read the diversified code, it is assumed he cannot reliably… CONTINUE READING
Highly Cited
This paper has 91 citations. REVIEW CITATIONS

Citations

Publications citing this paper.
Showing 1-10 of 58 extracted citations

Missing the Point(er): On the Effectiveness of Code Pointer Integrity

2015 IEEE Symposium on Security and Privacy • 2015
View 8 Excerpts
Highly Influenced

Timely Rerandomization for Mitigating Memory Disclosures

ACM Conference on Computer and Communications Security • 2015
View 6 Excerpts
Highly Influenced

CodeArmor: Virtualizing the Code Space to Counter Disclosure Attacks

2017 IEEE European Symposium on Security and Privacy (EuroS&P) • 2017
View 6 Excerpts
Highly Influenced

Preventing kernel code-reuse attacks through disclosure resistant code diversification

2016 IEEE Conference on Communications and Network Security (CNS) • 2016
View 6 Excerpts
Highly Influenced

Subversive-C: Abusing and Protecting Dynamic Message Dispatch

USENIX Annual Technical Conference • 2016
View 4 Excerpts
Highly Influenced

Compiler-Assisted Code Randomization

2018 IEEE Symposium on Security and Privacy (SP) • 2018
View 1 Excerpt

92 Citations

0102030'14'15'16'17'18'19
Citations per Year
Semantic Scholar estimates that this publication has 92 citations based on the available data.

See our FAQ for additional information.

References

Publications referenced by this paper.
Showing 1-10 of 11 references

Practical Timing Side Channel Attacks against Kernel Space ASLR

2013 IEEE Symposium on Security and Privacy • 2013
View 20 Excerpts
Highly Influenced

Binary stirring: self-randomizing instruction addresses of legacy x86 binary code

ACM Conference on Computer and Communications Security • 2012
View 20 Excerpts
Highly Influenced

Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization

2013 IEEE Symposium on Security and Privacy • 2013
View 6 Excerpts
Highly Influenced

On the effectiveness of address-space randomization

ACM Conference on Computer and Communications Security • 2004
View 4 Excerpts
Highly Influenced

Diversifying the Software Stack Using Randomized NOP Insertion

Moving Target Defense • 2013
View 5 Excerpts
Highly Influenced

Opportunities and Limits of Remote Timing Attacks

ACM Trans. Inf. Syst. Secur. • 2009
View 4 Excerpts
Highly Influenced

Preventing Memory Error Exploits with WIT

2008 IEEE Symposium on Security and Privacy (sp 2008) • 2008
View 3 Excerpts
Highly Influenced

The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)

ACM Conference on Computer and Communications Security • 2007
View 3 Excerpts
Highly Influenced

Remote Timing Attacks Are Practical

USENIX Security Symposium • 2003
View 4 Excerpts
Highly Influenced

Similar Papers

Loading similar papers…