Home // ICIMP 2016, The Eleventh International Conference on Internet Monitoring and Protection // View article

Code-Stop: Code-Reuse Prevention by Context-Aware Traffic Proxying

Authors:
Terrence OConnor
William Enck

Keywords: code-reuse attacks; return-oriented programming; intrusion prevention system; proxy

Abstract:
This paper introduces a network and host-based cooperative system for defending against code-reuse attacks that bypass exploit mitigation strategies. While the combination of address space layout randomization (ASLR) and data execution prevention (DEP) provide the means for mitigating exploitation, attackers routinely bypass these mechanisms by borrowing code from shared libraries that lack the same protections or by abusing memory leaks. This paper illustrates the ability to identify code-reuse attacks through cooperation between the traffic proxy and destination host. With the context of the host, the network has the ability to prevent code-reuse, and ultimately, exploitation. Through experimentation, we demonstrate that our cooperative system can effectively defeat a wide variety of code-reuse attacks, including newer attack vectors such as Just-in-Time-Flash or jump-oriented gadgets. Our experiments indicate our prototype is compatible with popular software such as Internet Explorer, Adobe Reader, and Microsoft Office applications and proved successful mitigating code-reuse attacks

Pages: 1 to 10

Copyright: Copyright (c) IARIA, 2016

Publication date: May 22, 2016

Published in: conference

ISSN: 2308-3980

ISBN: 978-1-61208-475-6

Location: Valencia, Spain

Dates: from May 22, 2016 to May 26, 2016