Name: Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks
Start: 2016-08-11T10:00:00-0700
End: 2016-08-11T10:30:00-0700

Back To Schedule

Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks

Spraying is a common payload delivery technique used by attackers to execute arbitrary code in presence of Address Space Layout Randomisation (ASLR). In this paper we present Graffiti, an efficient hypervisorbased memory analysis framework for the detection and prevention of spraying attacks. Compared with previous solutions, our system is the first to offer an efficient, complete, extensible, and OS independent protection against all spraying techniques known to date. We developed a prototype open source framework based on our approach, and we thoroughly evaluated it against all known variations of spraying attacks on two operating systems: Linux and Microsoft Windows. Our tool can be applied out of the box to protect any application, and its overhead can be tuned according to the application behavior and to the desired level of protection.

Speakers

Davide Balzarotti

Professor, Eurecom Institute, France

Davide Balzarotti is a Professor in the Digital Security Department at Eurecom, in the French Riviera. His research interests cover most aspects of system security and in particular the areas of binary and malware analysis, reverse engineering, computer forensics, and web security... Read More →

25th USENIX Security Symposium

Davide Balzarotti

Stefano Cristalli

Mariano Graziano

Andrea Lanzi

Mattia Pagnozzi

Attendees (5)

25th USENIX Security Symposium

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Davide Balzarotti

Stefano Cristalli

Mariano Graziano

Andrea Lanzi

Mattia Pagnozzi

Attendees (5)