Mon, 25. Sep. 2017   Davi, Lucas

Paper Accepted at ACSAC 2017

Breaking and Fixing Destructive Code Reads

Destructive code reads (DCR) prevent the attacker from executing code that has been read before. In collaboration with Ruhr-University Bochum, we demonstrated that memory corruption defenses based on DCR can be bypassed regardless of the underlying code randomization scheme. To counter such attacks, we also present a novel mitigation technique that protects legacy binaries. In particular, we enforce memory permissions at byte granularity, which allows us to combine DCR with execute-only memory protection. The results of this research will be published at ACSAC 2017: Jannik Pewny, Philipp Koppe, Lucas Davi, Thorsten Holz: Breaking and Fixing Destructive Code Read Defenses. In: Proc. of 33rd Annual Computer Security Applications Conference (ACSAC). 2017.