enabling client side crash resistance to overcome
play

Enabling Client-Side Crash-Resistance to Overcome Diversification - PowerPoint PPT Presentation

Mar 01, 2024 •30 likes •660 views

Enabling Client-Side Crash-Resistance to Overcome Diversification and Information Hiding Robert Gawlik , Benjamin Kollenda, Philipp Koppe, Behrad Garmany, Thorsten Holz Ruhr University Bochum Horst Grtz Institute for IT-Security Bochum,

  1. Enabling Client-Side Crash-Resistance to Overcome Diversification and Information Hiding Robert Gawlik , Benjamin Kollenda, Philipp Koppe, Behrad Garmany, Thorsten Holz Ruhr University Bochum Horst Görtz Institute for IT-Security Bochum, Germany

  2. Crash-Resistance

  3. Crash-Resistance char* addr = 0; void crash(){ addr++; printf("reading %x", addr); char content = *(addr); printf("read done"); } int main(){ MSG msg; SetTimer(0, 0, 1, crash); while (1){ GetMessage(&msg, NULL, 0, 0); DispatchMessage(&msg); } } NDSS 2016 | San Diego | 02/24/2016

  4. Crash-Resistance char* addr = 0; • Set timer callback crash() void crash(){ addr++; printf("reading %x", addr); char content = *(addr); printf("read done"); } int main(){ MSG msg; SetTimer(0, 0, 1, crash); while (1){ GetMessage(&msg, NULL, 0, 0); DispatchMessage(&msg); } } NDSS 2016 | San Diego | 02/24/2016

  5. Crash-Resistance char* addr = 0; • Set timer callback crash() void crash(){ • Dispatch crash() each ms addr++; printf("reading %x", addr); char content = *(addr); printf("read done"); } int main(){ MSG msg; SetTimer(0, 0, 1, crash); while (1){ GetMessage(&msg, NULL, 0, 0); DispatchMessage(&msg); } } NDSS 2016 | San Diego | 02/24/2016

  6. Crash-Resistance char* addr = 0; • Set timer callback crash() void crash(){ • Dispatch crash() each ms addr++; printf("reading %x", addr); • crash() generates a fault on char content = *(addr); first execution printf("read done"); } int main(){ MSG msg; SetTimer(0, 0, 1, crash); while (1){ GetMessage(&msg, NULL, 0, 0); DispatchMessage(&msg); } } NDSS 2016 | San Diego | 02/24/2016

  7. Crash-Resistance char* addr = 0; • Set timer callback crash() void crash(){ • Dispatch crash() each ms addr++; printf("reading %x", addr); • crash() generates a fault on char content = *(addr); first execution printf("read done"); } Program should int main(){ MSG msg; terminate abnormally SetTimer(0, 0, 1, crash); while (1){ GetMessage(&msg, NULL, 0, 0); DispatchMessage(&msg); } } NDSS 2016 | San Diego | 02/24/2016

  8. NDSS 2016 | San Diego | 02/24/2016

  9. NDSS 2016 | San Diego | 02/24/2016

  10. Crash-Resistance char* addr = 0; • Set timer callback crash() void crash(){ • Dispatch crash() each ms addr++; printf("reading %x", addr); • crash() generates a fault on char content = *(addr); first execution printf("read done"); } Program should int main(){ MSG msg; terminate abnormally SetTimer(0, 0, 1, crash); while (1){ GetMessage(&msg, NULL, 0, 0); DispatchMessage(&msg); } } NDSS 2016 | San Diego | 02/24/2016

  11. Crash-Resistance char* addr = 0; • Set timer callback crash() void crash(){ • Dispatch crash() each ms addr++; printf("reading %x", addr); • crash() generates a fault on char content = *(addr); first execution printf("read done"); } Instead: int main(){ MSG msg; Program runs endlessly SetTimer(0, 0, 1, crash); while (1){ GetMessage(&msg, NULL, 0, 0); DispatchMessage(&msg); } } NDSS 2016 | San Diego | 02/24/2016

  12. Crash-Resistance char* addr = 0; • Set timer callback crash() void crash(){ • Dispatch crash() each ms addr++; printf("reading %x", addr); • crash() generates a fault on char content = *(addr); first execution printf("read done"); } int main(){ MSG msg; SetTimer(0, 0, 1, crash); while (1){ GetMessage(&msg, NULL, 0, 0); DispatchMessage(&msg); } } NDSS 2016 | San Diego | 02/24/2016

  13. Crash-Resistance Behind the Scenes char* addr = 0; DispatchMessage: void crash(){ __try addr++; { printf("reading %x", addr); crash() char content = *(addr); } printf("read done"); __except( expr ) } { int main(){ MSG msg; } SetTimer(0, 0, 1, crash); while (1){ return GetMessage(&msg, NULL, 0, 0); DispatchMessage(&msg); } } NDSS 2016 | San Diego | 02/24/2016

  14. Crash-Resistance Behind the Scenes char* addr = 0; DispatchMessage: void crash(){ __try addr++; { printf("reading %x", addr); crash() char content = *(addr); Access violation } printf("read done"); __except( expr ) } { int main(){ MSG msg; } SetTimer(0, 0, 1, crash); while (1){ return GetMessage(&msg, NULL, 0, 0); DispatchMessage(&msg); } } NDSS 2016 | San Diego | 02/24/2016

  15. Crash-Resistance Behind the Scenes char* addr = 0; DispatchMessage: void crash(){ __try addr++; { printf("reading %x", addr); crash() char content = *(addr); Access violation } printf("read done"); __except( expr ) } expr returns 1 { int main(){ MSG msg; } SetTimer(0, 0, 1, crash); while (1){ return GetMessage(&msg, NULL, 0, 0); DispatchMessage(&msg); } } NDSS 2016 | San Diego | 02/24/2016

  16. Crash-Resistance Behind the Scenes char* addr = 0; DispatchMessage: void crash(){ __try addr++; { printf("reading %x", addr); crash() char content = *(addr); Access violation } printf("read done"); __except( expr ) } expr returns 1 { int main(){ execute handler MSG msg; } SetTimer(0, 0, 1, crash); while (1){ return GetMessage(&msg, NULL, 0, 0); DispatchMessage(&msg); } } NDSS 2016 | San Diego | 02/24/2016

  17. Crash-Resistance Behind the Scenes char* addr = 0; DispatchMessage: void crash(){ __try addr++; { printf("reading %x", addr); crash() char content = *(addr); Access violation } printf("read done"); __except( expr ) } expr returns 1 { int main(){ execute handler MSG msg; } SetTimer(0, 0, 1, crash); continue execution while (1){ return GetMessage(&msg, NULL, 0, 0); DispatchMessage(&msg); } } NDSS 2016 | San Diego | 02/24/2016

  18. Crash-Resistance Behind the Scenes char* addr = 0; DispatchMessage: void crash(){ __try addr++; { printf("reading %x", addr); crash() char content = *(addr); } printf("read done"); __except( expr ) } { int main(){ MSG msg; } SetTimer(0, 0, 1, crash); while (1){ return GetMessage(&msg, NULL, 0, 0); DispatchMessage(&msg); } } NDSS 2016 | San Diego | 02/24/2016

  19. Crash-Resistance Behind the Scenes char* addr = 0; void crash(){ addr++; printf("reading %x", addr); If a fault is generated, char content = *(addr); execution is printf("read done"); transferred to the end } of the loop int main(){ MSG msg; SetTimer(0, 0, 1, crash); while (1){ GetMessage(&msg, NULL, 0, 0); DispatchMessage(&msg); } } NDSS 2016 | San Diego | 02/24/2016

  20. Crash-Resistance Behind the Scenes char* addr = 0; void crash(){ addr++; printf("reading %x", addr); If a fault is generated, char content = *(addr); execution is printf("read done"); transferred to the end } of the loop int main(){ MSG msg; SetTimer(0, 0, 1, crash); Program continues while (1){ running despite GetMessage(&msg, NULL, 0, 0); producing faults DispatchMessage(&msg); } } NDSS 2016 | San Diego | 02/24/2016

  21. Crash-Resistance Behind the Scenes char* addr = 0; void crash(){ addr++; printf("reading %x", addr); If a fault is generated, char content = *(addr); execution is printf("read done"); transferred to the end } of the loop int main(){ MSG msg; SetTimer(0, 0, 1, crash); Program continues while (1){ running despite GetMessage(&msg, NULL, 0, 0); producing faults DispatchMessage(&msg); } } NDSS 2016 | San Diego | 02/24/2016

  22. Client-Side Crash-Resistance

  23. Client-Side Crash-Resistance • Server applications respawn upon abnormal termination NDSS 2016 | San Diego | 02/24/2016

  24. Client-Side Crash-Resistance • Server applications respawn upon abnormal termination → Attacks: ASLR de-randomization [1]; Hacking Blind [2]; Missing the Point(er) [3] NDSS 2016 | San Diego | 02/24/2016

  25. Client-Side Crash-Resistance • Server applications respawn upon abnormal termination → Attacks: ASLR de-randomization [1]; Hacking Blind [2]; Missing the Point(er) [3] • Client programs do not restart upon a crash (e.g., web browsers ) NDSS 2016 | San Diego | 02/24/2016

  26. Client-Side Crash-Resistance • Server applications respawn upon abnormal termination → Attacks: ASLR de-randomization [1]; Hacking Blind [2]; Missing the Point(er) [3] • Client programs do not restart upon a crash (e.g., web browsers ) • Crash-resistant code constructs are available in browsers NDSS 2016 | San Diego | 02/24/2016

  27. Client-Side Crash-Resistance • Server applications respawn upon abnormal termination → Attacks: ASLR de-randomization [1]; Hacking Blind [2]; Missing the Point(er) [3] • Client programs do not restart upon a crash (e.g., web browsers ) • Crash-resistant code constructs are available in browsers • Crash-resistant code prevents abnormal termination of browsers NDSS 2016 | San Diego | 02/24/2016

  28. Client-Side Crash-Resistance • Server applications respawn upon abnormal termination → Attacks: ASLR de-randomization [1]; Hacking Blind [2]; Missing the Point(er) [3] • Client programs do not restart upon a crash (e.g., web browsers ) • Crash-resistant code constructs are available in browsers • Crash-resistant code prevents abnormal termination of browsers • It is possible to access memory more than once with wrong permissions NDSS 2016 | San Diego | 02/24/2016

Recommend

TCP ECN Experience with enabling ECN on the Internet Padma Bhooma Apple 1 ECN deployment

TCP ECN Experience with enabling ECN on the Internet Padma Bhooma Apple 1 ECN deployment

TCP ECN Experience with enabling ECN on the Internet Padma Bhooma Apple 1 ECN deployment Padma Bhooma MAPRG 98th IETF Chicago March 2017 Using ECN from client side Apple enabled negotiation of TCP ECN (RFC 3168) from the client-side

467 views • 20 slides
An Investigation of Antibiotic g Derivatives to Overcome Resistance Ji Jim Birrell i ll Ezgi

An Investigation of Antibiotic g Derivatives to Overcome Resistance Ji Jim Birrell i ll Ezgi

An Investigation of Antibiotic g Derivatives to Overcome Resistance Ji Jim Birrell i ll Ezgi Hacisuleyman Ting Huang Daniel Johnson Zhiyong Poon Susan Zawaski December 4 th , 2008 Agenda Agenda Background of antibiotic resistance

316 views • 19 slides
FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware Begl Bilgin, Andrey Bogdanov, Miroslav Kne evi , Florian Mendel, and Qingju Wang 1 DIAC 2013, Chicago Side Channel Resistance 2 Side

1.29k views • 76 slides
Passenger Vehicle Occupant Fatalities by type of crash 4% 2% Rollover 33% 23% Front Side

Passenger Vehicle Occupant Fatalities by type of crash 4% 2% Rollover 33% 23% Front Side

Passenger Vehicle Occupant Fatalities by type of crash 4% 2% Rollover 33% 23% Front Side Rear Other 39% N=32,335 Source: 2002 FARS Side-impact Crashes (non-rollover) by Crash Partner Passenger Cars Other 19% 21% Narrow Objects

708 views • 4 slides
Modern client-side defenses Deian Stefan Today How can we build flexible and secure client-side

Modern client-side defenses Deian Stefan Today How can we build flexible and secure client-side

CSE 127: Computer Security Modern client-side defenses Deian Stefan Today How can we build flexible and secure client-side web applications (from vulnerable/untrusted components) Modern web sites are complicated Many acting parties on a site

867 views • 62 slides
CSCC09 Programming on the Web Thierry Sans Architecture of a Web Application Client Side

CSCC09 Programming on the Web Thierry Sans Architecture of a Web Application Client Side

CSCC09 Programming on the Web Thierry Sans Architecture of a Web Application Client Side Server Side Web Server Web Browser Web Technologies Content Resources Presentation management Client Side Processing Multimedia The evolution of

1.24k views • 23 slides
Replicated Client-Server Execution to Overcome Unpredictability in Mobile Environment Bing You

Replicated Client-Server Execution to Overcome Unpredictability in Mobile Environment Bing You

Replicated Client-Server Execution to Overcome Unpredictability in Mobile Environment Bing You and Hao Chu Intelligent Space Lab National Taiwan University Outline Problem Related Work Replicated Client-Server Model

546 views • 17 slides
CSE 154 LECTURE 6: JAVASCRIPT Client-side scripting client-side script : code runs in browser

CSE 154 LECTURE 6: JAVASCRIPT Client-side scripting client-side script : code runs in browser

CSE 154 LECTURE 6: JAVASCRIPT Client-side scripting client-side script : code runs in browser after page is sent back from server often this code manipulates the page or responds to user actions What is JavaScript? a lightweight

643 views • 29 slides
Cookies and Sessions Thierry Security assumptions You have absolutely no control on the client

Cookies and Sessions Thierry Security assumptions You have absolutely no control on the client

Cookies and Sessions Thierry Security assumptions You have absolutely no control on the client Client Side Server Side Web Server Database Web Browser Cookies The big picture key/value pairs data Client Side Server Side HTTP request

783 views • 13 slides
New Client Puzzle Outsourcing Techniques for DoS Resistance Paper by Waters, Juels,

New Client Puzzle Outsourcing Techniques for DoS Resistance Paper by Waters, Juels,

New Client Puzzle Outsourcing Techniques for DoS Resistance Paper by Waters, Juels, Halderman, and Felten Presenter: Michael Peck Outline Need for client puzzles Basic idea of client puzzles Related ideas Juels/Brainard

551 views • 39 slides
Modern client-side defenses Deian Stefan Today How can we build flexible and secure client-side

Modern client-side defenses Deian Stefan Today How can we build flexible and secure client-side

CSE 127: Computer Security Modern client-side defenses Deian Stefan Today How can we build flexible and secure client-side web applications (from vulnerable/untrusted components) Modern web sites are complicated Modern web sites are

709 views • 57 slides
DC3158 Summary Summary Client Side Exploitation Attack Chaining. Client Side

DC3158 Summary Summary Client Side Exploitation Attack Chaining. Client Side

DEFCON DC3158 Summary Summary Client Side Exploitation Attack Chaining. Client Side Exploitation Script Based Attack Powershell,Jscript,Vbscript Vbscript:still people use IE, you can call wmic and powershell script to execute.

428 views • 15 slides
Categories of Client Resistance Chamberlin, Patterson, Reid, Kavanaugh, and Forgatch (1984)

Categories of Client Resistance Chamberlin, Patterson, Reid, Kavanaugh, and Forgatch (1984)

Categories of Client Resistance Chamberlin, Patterson, Reid, Kavanaugh, and Forgatch (1984) Arguing-client contests the accuracy, integrity, or expertise of the therapist Interrupting- client breaks in and interrupts the therapist in a

328 views • 13 slides
Client-Side Direct I/O for NFS Mike Kupfer kupfer@Eng.Sun.COM 28 February 1997 1 Client-Side

Client-Side Direct I/O for NFS Mike Kupfer kupfer@Eng.Sun.COM 28 February 1997 1 Client-Side

Client-Side Direct I/O for NFS Mike Kupfer kupfer@Eng.Sun.COM 28 February 1997 1 Client-Side Direct I/O for NFS Connectathon 1997 Disclaimer This is not a product announcement. 2 Client-Side Direct I/O for NFS Connectathon 1997

311 views • 16 slides
Reducing Social Isolation and Loneliness by enabling and empowering people with dementia ntia

Reducing Social Isolation and Loneliness by enabling and empowering people with dementia ntia

Exploring opportunities Building communities Changing lives Side by Side Reducing Social Isolation and Loneliness by enabling and empowering people with dementia ntia Side by Side 2 Reducing Social Isolation and Loneliness by enabling and

494 views • 10 slides
CSE392/ISE331 Attacks against the client-side of web applications Nick Nikiforakis

CSE392/ISE331 Attacks against the client-side of web applications Nick Nikiforakis

CSE392/ISE331 Attacks against the client-side of web applications Nick Nikiforakis nick@cs.stonybrook.edu Despite the same origin policy Many things can go wrong at the client-side of a web application Popular attacks Cross-site

266 views • 15 slides
CSE 510 Web Data Engineering Client-Side Programming JavaScript UB CSE 510 Web Data Engineering

CSE 510 Web Data Engineering Client-Side Programming JavaScript UB CSE 510 Web Data Engineering

CSE 510 Web Data Engineering Client-Side Programming JavaScript UB CSE 510 Web Data Engineering Web Programming Paradigms So far we have seen server-side programming Next Enrich user experience, interactivity with client- side

759 views • 24 slides
Drug blending as a mechanism to overcome drug resistance in cancer therapy. Marc A. Marti-Renom

Drug blending as a mechanism to overcome drug resistance in cancer therapy. Marc A. Marti-Renom

Drug blending as a mechanism to overcome drug resistance in cancer therapy. Marc A. Marti-Renom Structural Genomics Group (ICREA, CNAG-CRG) http://marciuslab.org http://3DGenomes.org http://cnag.crg.eu John Overtingon Bissan Al-Lazikani

730 views • 35 slides
Cutting-edge Think Tank BLACK HAT EUROPE 2008 CLIENT-SIDE SECURITY Overview of various

Cutting-edge Think Tank BLACK HAT EUROPE 2008 CLIENT-SIDE SECURITY Overview of various

Cutting-edge Think Tank BLACK HAT EUROPE 2008 CLIENT-SIDE SECURITY Overview of various Client-Side Hacking Tricks and Techniques pdp Information Security Researcher, founder of the GNUCITIZEN group OBJECTIVES I was planning to...

948 views • 59 slides
Write Fast, Read in the Past: Causal Consistency for Client-side Apps with SwiftCloud App App

Write Fast, Read in the Past: Causal Consistency for Client-side Apps with SwiftCloud App App

Challenge: Database Access for Client-side Apps Write Fast, Read in the Past: Causal Consistency for Client-side Apps with SwiftCloud App App Presented by Marek Zawirski App App Inria / UPMC-LIP6, Paris (now at Google, Zrich) Marek

469 views • 13 slides
CLIENT-SIDE STATIC ANALYSIS Ben Livshits, Microsoft Research Overview of Todays Lecture 2

CLIENT-SIDE STATIC ANALYSIS Ben Livshits, Microsoft Research Overview of Todays Lecture 2

CLIENT-SIDE STATIC ANALYSIS Ben Livshits, Microsoft Research Overview of Todays Lecture 2 Client-side JavaScript Browser Analysis of JavaScript Plugins eval and code Extensions obfuscation Firefox extension model

812 views • 51 slides
Storing Data Thierry Sans Modern Web Platform Client Side Server Side Web API Database Why

Storing Data Thierry Sans Modern Web Platform Client Side Server Side Web API Database Why

Storing Data Thierry Sans Modern Web Platform Client Side Server Side Web API Database Why using a database Persistency Concurrency (avoid race conditions) Query Scalability SQL vs NoSQL databases Relational database (SQL

475 views • 10 slides
Web Engineering 1. Introduction 2. Client Side Programming Prof. Dr. Dr. h.c. mult. Gerhard

Web Engineering 1. Introduction 2. Client Side Programming Prof. Dr. Dr. h.c. mult. Gerhard

Content Web Engineering 1. Introduction 2. Client Side Programming Prof. Dr. Dr. h.c. mult. Gerhard Krger, Albrecht Schmidt 3. Server Side Programming Universitt Karlsruhe Fakultt fr Informatik Institut fr Telematik Wintersemester

395 views • 17 slides
Web Engineering 1. Introduction 2. Client Side Programming Prof. Dr. Dr. h.c. mult. Gerhard

Web Engineering 1. Introduction 2. Client Side Programming Prof. Dr. Dr. h.c. mult. Gerhard

Content Web Engineering 1. Introduction 2. Client Side Programming Prof. Dr. Dr. h.c. mult. Gerhard Krger, Albrecht Schmidt 3. Server Side Programming Universitt Karlsruhe Fakultt fr Informatik Institut fr Telematik Wintersemester

532 views • 14 slides

More recommend