Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Search
ReRanz: a light-weight virtual machine to mitigate memory disclosure attacks
Wang Z., Wu C., Li J., Lai Y., Zhang X., Hsu W., Cheng Y.  VEE 2017 (Proceedings of the 13th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, Xi’an, China, Apr 8-9, 2017)143-156.2017.Type:Proceedings
Date Reviewed: May 11 2018

When a hacker exploits a buffer overflow, the objective is to get the target to execute code that will give the hacker control of the machine. Modern hardware prevents straightforward code injection, so the hacker makes use of code fragments that already exist in the target’s executable program. ReRanz parries this attack by randomly moving code around during execution, so that the hacker cannot determine the current addresses of the necessary fragments.

The authors give a short history of the arms race between attackers and defenders, providing the reader with a clear understanding of the issues involved. A detailed description of the design of ReRanz, covering the threat model, assumptions, design decisions, and implementation, follows. Challenges and optimization are explored, and the performance of ReRanz is evaluated through defense against attacks on several existing systems.

This paper is accessible to someone who understands the basic principle of a buffer overflow attack. The presentation is clear, and the general strategy can be appreciated from a relatively casual perusal. A careful reading, with pencil and paper at hand, is needed to ferret out the details and appreciate the subtlety of the tactics employed. Some understanding of modern hardware is needed for this level of understanding.

I found this paper interesting and informative, and would recommend it to those who, like me, are interested but not experts in the area.

Reviewer:  W. M. Waite Review #: CR146029 (1807-0385)
Bookmark and Share
 
Code Generation (D.3.4 ... )
 
 
Security and Protection (D.4.6 )
 
Would you recommend this review?
yes
no
Other reviews under "Code Generation": Date
Attributed linear intermediate representations for retargetable code generators
Ganapathi M., Fischer C. Software--Practice & Experience 14(4): 347-364, 1984. Type: Article
Mar 1 1985
Register Allocation in Optimizing Compilers
Leverett B., University Microfilms Int’l. (UMI), Ann Arbor, MI, 1983. Type: Book (9789780835715300)
Feb 1 1985
Code generation and optimization
Graham S., Cambridge University Press, New York, NY, 1984. Type: Book (9780521268431)
Jul 1 1985
more...

E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®
Terms of Use
| Privacy Policy