Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Effectiveness of Instruction Set Randomization

Published byElinor Lloyd Modified over 6 years ago

Similar presentations

Presentation on theme: "The Effectiveness of Instruction Set Randomization"— Presentation transcript:

1 The Effectiveness of Instruction Set Randomization
Where's the FEEB?: The Effectiveness of Instruction Set Randomization. Nora Sovarel, David Evans, Nate Paul. To appear at USENIX Security, August 2005 Nora Sovarel University of Virginia Computer Science 2005 IEEE Symposium on Security and Privacy

2 Instruction Set Randomization
Encryption Key Decryption Key Compile Load In memory Execution

3 Jump Attack: jmp -2 2-byte instruction Correct: infinite loop Wrong:
Usually crashes Sometimes false positive False positives Conditional jumps Used to reduce the number of attempts (average 24 per byte) eb fe eb fe cd 0xbfffe990 0xbfffe991

4 Requirements Multiple guess attempts on same key
Server forks process No rerandomization Remotely observable behavior Injection at known address Simple encryption scheme Byte-wise Learn key from one plain/cipher pair

5

6 Conclusion http://www.cs.virginia.edu/nora It sometimes works
Possible countermeasures Rerandomize periodically Stronger encryption Where's the FEEB?: The Effectiveness of Instruction Set Randomization. Nora Sovarel, David Evans, Nate Paul. To appear at USENIX Security 2005

Download ppt "The Effectiveness of Instruction Set Randomization"

Similar presentations

ROP is Still Dangerous: Breaking Modern Defenses Nicholas Carlini et. al University of California, Berkeley USENIX Security 2014 Presenter: Yue Li Part.

ROP is Still Dangerous: Breaking Modern Defenses Nicholas Carlini et. al University of California, Berkeley USENIX Security 2014 Presenter: Yue Li Part.
Smashing the Stack for Fun and Profit

Smashing the Stack for Fun and Profit
Side Channel Attacks on CBC Encrypted Messages in the PKCS#7 Format

Side Channel Attacks on CBC Encrypted Messages in the PKCS#7 Format
CS 162 Memory Consistency Models. Memory operations are reordered to improve performance Hardware (e.g., store buffer, reorder buffer) Compiler (e.g.,

CS 162 Memory Consistency Models. Memory operations are reordered to improve performance Hardware (e.g., store buffer, reorder buffer) Compiler (e.g.,
Operating System Security : David Phillips A Study of Windows Rootkits.

Operating System Security : David Phillips A Study of Windows Rootkits.
University of VirginiaDARPA SRS - 27 Jan 20051 Effectiveness of Instruction Set Randomization Ana Nora Sovarel and David Evans DARPA SRS – Genesis Project.

University of VirginiaDARPA SRS - 27 Jan Effectiveness of Instruction Set Randomization Ana Nora Sovarel and David Evans DARPA SRS – Genesis Project.
Conditional statements and Boolean expressions. The if-statement in Java (1) The if-statement is a conditional statement The statement is executed only.

Conditional statements and Boolean expressions. The if-statement in Java (1) The if-statement is a conditional statement The statement is executed only.
Implementing Remote Procedure Calls Andrew Birrell and Bruce Nelson Presented by Kai Cong.

Implementing Remote Procedure Calls Andrew Birrell and Bruce Nelson Presented by Kai Cong.
1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.

1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.
Software-based Code Attestation for Wireless Sensors.

Software-based Code Attestation for Wireless Sensors.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
Andrea Bittau, Adam Belay, Ali Mashtizadeh, David Maziéres, Dan Boneh

Andrea Bittau, Adam Belay, Ali Mashtizadeh, David Maziéres, Dan Boneh
1 RISE: Randomization Techniques for Software Security Dawn Song CMU Joint work with Monica Chew (UC Berkeley)

1 RISE: Randomization Techniques for Software Security Dawn Song CMU Joint work with Monica Chew (UC Berkeley)
Arvind and Joel Emer Computer Science and Artificial Intelligence Laboratory M.I.T. Branch Prediction.

Arvind and Joel Emer Computer Science and Artificial Intelligence Laboratory M.I.T. Branch Prediction.
1 CS 550 - Programming Languages Random Access Machines Jeremy R. Johnson.

1 CS Programming Languages Random Access Machines Jeremy R. Johnson.
Cryptographic Voting Protocols: A Systems Perspective By Chris Karlof, Naveen Sastry, and David Wagner University of California, Berkely Proceedings of.

Cryptographic Voting Protocols: A Systems Perspective By Chris Karlof, Naveen Sastry, and David Wagner University of California, Berkely Proceedings of.
The Impact of Programming Language Theory on Computer Security Drew Dean Computer Science Laboratory SRI International.

The Impact of Programming Language Theory on Computer Security Drew Dean Computer Science Laboratory SRI International.
G ENESIS : A Framework For Achieving Component Diversity John C. Knight, Jack W. Davidson, David Evans, Anh Nguyen-Tuong University of Virginia Chenxi.

G ENESIS : A Framework For Achieving Component Diversity John C. Knight, Jack W. Davidson, David Evans, Anh Nguyen-Tuong University of Virginia Chenxi.
On the Effectiveness of Address-Space Randomization CS6V81 - 005 Brian Ricks and Vasundhara Chimmad.

On the Effectiveness of Address-Space Randomization CS6V Brian Ricks and Vasundhara Chimmad.
Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-

Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-

Similar presentations

Ads by Google