Title | ||
---|---|---|
Feedback control can make data structure layout randomization more cost-effective under zero-day attacks. |
Abstract | ||
---|---|---|
In the wake of the research community gaining deep understanding about control-hijacking attacks, data-oriented attacks have emerged. Among data-oriented attacks, data structure manipulation attack (DSMA) is a major category. Pioneering research was conducted and shows that DSMA is able to circumvent the most effective defenses against control-hijacking attacks — DEP, ASLR and CFI. Up to this day, only two defense techniques have demonstrated their effectiveness: Data Flow Integrity (DFI) and Data Structure Layout Randomization (DSLR). However, DFI has high performance overhead, and dynamic DSLR has two main limitations. L-1: Randomizing a large set of data structures will significantly affect the performance. L-2: To be practical, only a fixed sub-set of data structures are randomized. In the case that the data structures targeted by an attack are not covered, dynamic DSLR is essentially noneffective. |
Year | DOI | Venue |
---|---|---|
2018 | 10.1186/s42400-018-0003-x | Cybersecurity |
Keywords | DocType | Volume |
Data structure manipulation attack, Data structure layout randomization, Adaptive security, Feedback control | Journal | 1 |
Issue | ISSN | Citations |
1 | 2523-3246 | 0 |
PageRank | References | Authors |
0.34 | 0 | 5 |
Name | Order | Citations | PageRank |
---|---|---|---|
Ping Chen | 1 | 0 | 0.34 |
Zhisheng Hu | 2 | 7 | 3.86 |
Jun Xu | 3 | 0 | 0.34 |
Minghui Zhu | 4 | 44 | 12.11 |
Peng Liu | 5 | 1701 | 171.49 |