Abstract

Exploiting modern software requires sophisticated attack vectors in order to bypass software protection mechanisms. Code-reuse Attacks (CRAs) is a widely used approach to attack modern software even after applying memory protection defenses. Using the program’s own code and manipulating data and code are possible because of the underlying vulnerabilities in the software codes or design. This paper covers the foundation of the memory-based attacks and provides an extensive overview of the memory safety issues and exploitation methods, control flow attacks foundation, and code-reuse attack categories. Focusing on the differences between the different methods employed to mitigate code-reused attacks. We apply an analysis technique for the covered CRAs in order to assist in the ranking and evaluation process. The decision-making technique of choice is SMAA-2, which is employed in the analysis of the mitigation defenses and techniques. This novel approach in the evaluation of the CRAs mitigations helps Decision Makers (DM) in the selection process of certain CRA techniques over others.

Statistics