Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks
Authors:
Stefano Cristalli and Mattia Pagnozzi, University of Milan; Mariano Graziano, Cisco Systems Inc.; Andrea Lanzi, University of Milan; Davide Balzarotti, Eurecom
Abstract:
Spraying is a common payload delivery technique used by attackers to execute arbitrary code in presence of Address Space Layout Randomisation (ASLR). In this paper we present Graffiti, an efficient hypervisorbased memory analysis framework for the detection and prevention of spraying attacks. Compared with previous solutions, our system is the first to offer an efficient, complete, extensible, and OS independent protection against all spraying techniques known to date. We developed a prototype open source framework based on our approach, and we thoroughly evaluated it against all known variations of spraying attacks on two operating systems: Linux and Microsoft Windows. Our tool can be applied out of the box to protect any application, and its overhead can be tuned according to the application behavior and to the desired level of protection.
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
BibTeX
@inproceedings {197143,
author = {Stefano Cristalli and Mattia Pagnozzi and Mariano Graziano and Andrea Lanzi and Davide Balzarotti},
title = {Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks},
booktitle = {25th {USENIX} Security Symposium ({USENIX} Security 16)},
year = {2016},
isbn = {978-1-931971-32-4},
address = {Austin, TX},
pages = {431--446},
url = {https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/cristalli},
publisher = {{USENIX} Association},
month = aug,
}
Twitter
Facebook
LinkedIn
Google+
YouTube
connect with us