Code-Reuse Attacks : Automated Exploitation and Defense

Computer science and software, Cyber security: hardware and software, Engineering sciences, Technological challenges

Abstract

Software vulnerabilities due to memory management errors are among the easiest to exploit. To prevent an attacker from injecting their own arbitrary code (shellcode), modern systems commonly enforce Data Execution Prevention (DEP), often implemented as segment permissions (Write xor Execute, W^X).
Yet, Code-Reuse Attacks have emerged to circumvent DEP protections. By exploiting a memory-management bug, the attacker hijacks the control flow of the target program and chains small code fragments referred to as gadgets to build the desired behavior, through so-called Return-Oriented Programming (ROP) or Jump-Oriented Programming (JOP).
In the past years, several research efforts have explored how to automate the construction of code-reuse attacks from basic "on stack" attacks, lowering the barrier to such advanced methods. On the other side, program hardening relies on randomized memory layout (e.g. Address Space Layout Randomization, ASLR), Control Flow Integrity (CFI) or stack protection mechanisms (e.g. Shadow Stack) to keep the attacker in check. Still, some of these protections may be costly (execution time, specialized hardware, etc.).
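As an added illustration of the two baseline protections named above (this is example code, not part of the thesis topic or of any INSTN/CEA tooling), the following checker parses an ELF64 image and reports whether it requests a non-executable stack (the DEP/W^X side) and whether it is linked as position-independent so ASLR can relocate it. The sample ELF images are constructed in the script itself; pass a real binary's path on the command line to audit it instead.

```python
import struct
import sys

# ELF64 constants from the ELF specification / Linux ABI
ET_EXEC, ET_DYN = 2, 3          # fixed-address executable vs. position-independent (PIE)
PT_GNU_STACK = 0x6474E551       # program header that carries the stack's permissions
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4

def elf64_hardening(data: bytes) -> dict:
    """Report whether a little-endian ELF64 image opts into an NX stack (DEP) and PIE (ASLR)."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    # Conservative default: without a PT_GNU_STACK entry the loader may grant an
    # executable stack, so NX is only reported when the header explicitly drops PF_X.
    nx_stack = False
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx_stack = not (p_flags & PF_X)
    # PIE binaries are linked as ET_DYN so ASLR can relocate the whole image,
    # which denies the attacker fixed gadget addresses.
    return {"nx_stack": nx_stack, "pie": e_type == ET_DYN}

def build_sample_elf64(e_type: int, stack_flags: int) -> bytes:
    """Constructed test input: a bare ELF64 header plus one PT_GNU_STACK header (not a real binary)."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8  # 64-bit, little-endian, version 1
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH",
                               e_type, 0x3E, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr

if __name__ == "__main__":
    if len(sys.argv) > 1:                        # audit a real binary given on the command line
        with open(sys.argv[1], "rb") as f:
            print(elf64_hardening(f.read()))
    else:                                        # demonstrate on the constructed samples
        print("hardened:", elf64_hardening(build_sample_elf64(ET_DYN, PF_R | PF_W)))
        print("weak:    ", elf64_hardening(build_sample_elf64(ET_EXEC, PF_R | PF_W | PF_X)))
```

A binary that reports `nx_stack: False` or `pie: False` lacks the corresponding protection the abstract describes; CFI and shadow-stack support are not visible from these two header fields and need a separate check.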

The general goal of this PhD topic is to improve the state of the art of the automatic exploit generation landscape for the purpose of security assessment of anti-code-reuse protections. We will follow two trends:
(1) on the one hand, the candidate will push automated code-reuse exploitation methods further, by taking the knowledge of the protection into account to guide the search toward valid exploits only, pruning the search space early, and by looking for synergies between ROP/JOP chaining and program synthesis methods such as syntax-guided synthesis or stochastic synthesis;
(2) on the other hand, once the potential of such methods is better understood, the candidate will design effective defenses against them, based on a comprehensive analysis of their main strengths and weaknesses.

Laboratory

Département Ingénierie Logiciels et Systèmes (LIST)
LSL (DILS)
Laboratoire pour la Sûreté du Logiciel
Université de Lorraine