search for: monrose

...of the address space. A recent paper at Oakland proposed a "just-in-time code reuse" attack that repeatedly uses a memory disclosure and JITs an attack based on the results [1]. So while it does make the attackers job harder, it doesn't prevent such attacks. 1. Kevin Z. Snow, Fabian Monrose, Lucas Davi, Alexandra Dmitrienko, Christopher Liebchen, and Ahmad-Reza Sadeghi. Just-In-Time Code Resule: On the Effectiveness of Find-Grained Address Space Layout Randomization. In Proceedings of the IEEE Symposium on Security and Privacy ("Oakland") 2013. <http://cs.unc.edu/~fabian/...

Greetings LLVM Devs! I am a PhD student in the Secure Systems and Software Lab at UC Irvine. We have been working on adding randomness into code generation to create a diverse population of binaries. This diversity prevents code-reuse attacks such as return-oriented-programming (ROP) by denying the attacker information about the exact code layout. ROP has been used is several high-profile recent