Arbitrary Code Execution - Explore the Science & Experts | ideXlab



Scan Science and Technology

Contact Leading Edge Experts & Companies

Arbitrary Code Execution

The Experts below are selected from a list of 2079 Experts worldwide ranked by ideXlab platform

Arbitrary Code Execution – Free Register to Access Experts & Abstracts

Alexander A Shvartsman – One of the best experts on this subject based on the ideXlab platform.

  • malicious takeover of voting systems Arbitrary Code Execution on optical scan voting terminals
    ACM Symposium on Applied Computing, 2013
    Co-Authors: Russell J Jancewicz, Aggelos Kiayias, Laurent Michel, Alexander Russell, Alexander A Shvartsman

    Abstract:

    This work focuses on the AccuVote Optical Scan voting terminal (AV-OS) that is widely used in US elections. We present a new attack that can be delivered without opening the system enclosure, and without changing a single bit of the system’s firmware. The attack is launched by inserting a maliciously programmed AV-OS memory card into the terminal. The card contains binary Code that exploits careless runtime memory management in the system’s firmware to transfer control to alternate routines stored in the memory card. Once the control is taken by the injected Code, the voting system is forced to operate according to the wishes of the attacker. In particular, given that the attack results in the Execution of the Arbitrary Code, an attacker can completely take over AV-OS operation and compromise the results of an election. It is also noteworthy that once a memory card is compromised it can be duplicated using the native function of the voting terminal. In some past elections it was observed that up to 6% of all memory cards were involved in card duplication. There exists a non-trivial possibility that the infection on one memory card can propagate virally to other cards in a given election. This development was performed without access to the source Code of the AV-OS system and without access to any internal vendor documentation. We note that this work is performed solely with the purpose of security analysis of AV-OS.

    Free Register to Access Article

  • SAC – Malicious takeover of voting systems: Arbitrary Code Execution on optical scan voting terminals
    Proceedings of the 28th Annual ACM Symposium on Applied Computing – SAC '13, 2013
    Co-Authors: Russell J Jancewicz, Aggelos Kiayias, Laurent Michel, Alexander Russell, Alexander A Shvartsman

    Abstract:

    This work focuses on the AccuVote Optical Scan voting terminal (AV-OS) that is widely used in US elections. We present a new attack that can be delivered without opening the system enclosure, and without changing a single bit of the system’s firmware. The attack is launched by inserting a maliciously programmed AV-OS memory card into the terminal. The card contains binary Code that exploits careless runtime memory management in the system’s firmware to transfer control to alternate routines stored in the memory card. Once the control is taken by the injected Code, the voting system is forced to operate according to the wishes of the attacker. In particular, given that the attack results in the Execution of the Arbitrary Code, an attacker can completely take over AV-OS operation and compromise the results of an election. It is also noteworthy that once a memory card is compromised it can be duplicated using the native function of the voting terminal. In some past elections it was observed that up to 6% of all memory cards were involved in card duplication. There exists a non-trivial possibility that the infection on one memory card can propagate virally to other cards in a given election. This development was performed without access to the source Code of the AV-OS system and without access to any internal vendor documentation. We note that this work is performed solely with the purpose of security analysis of AV-OS.

    Free Register to Access Article

Russell J Jancewicz – One of the best experts on this subject based on the ideXlab platform.

  • malicious takeover of voting systems Arbitrary Code Execution on optical scan voting terminals
    ACM Symposium on Applied Computing, 2013
    Co-Authors: Russell J Jancewicz, Aggelos Kiayias, Laurent Michel, Alexander Russell, Alexander A Shvartsman

    Abstract:

    This work focuses on the AccuVote Optical Scan voting terminal (AV-OS) that is widely used in US elections. We present a new attack that can be delivered without opening the system enclosure, and without changing a single bit of the system’s firmware. The attack is launched by inserting a maliciously programmed AV-OS memory card into the terminal. The card contains binary Code that exploits careless runtime memory management in the system’s firmware to transfer control to alternate routines stored in the memory card. Once the control is taken by the injected Code, the voting system is forced to operate according to the wishes of the attacker. In particular, given that the attack results in the Execution of the Arbitrary Code, an attacker can completely take over AV-OS operation and compromise the results of an election. It is also noteworthy that once a memory card is compromised it can be duplicated using the native function of the voting terminal. In some past elections it was observed that up to 6% of all memory cards were involved in card duplication. There exists a non-trivial possibility that the infection on one memory card can propagate virally to other cards in a given election. This development was performed without access to the source Code of the AV-OS system and without access to any internal vendor documentation. We note that this work is performed solely with the purpose of security analysis of AV-OS.

    Free Register to Access Article

  • SAC – Malicious takeover of voting systems: Arbitrary Code Execution on optical scan voting terminals
    Proceedings of the 28th Annual ACM Symposium on Applied Computing – SAC '13, 2013
    Co-Authors: Russell J Jancewicz, Aggelos Kiayias, Laurent Michel, Alexander Russell, Alexander A Shvartsman

    Abstract:

    This work focuses on the AccuVote Optical Scan voting terminal (AV-OS) that is widely used in US elections. We present a new attack that can be delivered without opening the system enclosure, and without changing a single bit of the system’s firmware. The attack is launched by inserting a maliciously programmed AV-OS memory card into the terminal. The card contains binary Code that exploits careless runtime memory management in the system’s firmware to transfer control to alternate routines stored in the memory card. Once the control is taken by the injected Code, the voting system is forced to operate according to the wishes of the attacker. In particular, given that the attack results in the Execution of the Arbitrary Code, an attacker can completely take over AV-OS operation and compromise the results of an election. It is also noteworthy that once a memory card is compromised it can be duplicated using the native function of the voting terminal. In some past elections it was observed that up to 6% of all memory cards were involved in card duplication. There exists a non-trivial possibility that the infection on one memory card can propagate virally to other cards in a given election. This development was performed without access to the source Code of the AV-OS system and without access to any internal vendor documentation. We note that this work is performed solely with the purpose of security analysis of AV-OS.

    Free Register to Access Article

Angelos D. Keromytis – One of the best experts on this subject based on the ideXlab platform.

  • Moving Target Defense – Practical Software Diversification Using In-Place Code Randomization
    Moving Target Defense II, 2012
    Co-Authors: Vasilis Pappas, Michalis Polychronakis, Angelos D. Keromytis

    Abstract:

    The wide adoption of non-executable page protections has given rise to attacks that employ return-oriented programming (ROP) to achieve Arbitrary Code Execution without the injection of any Code. Existing defenses against ROP exploits either require source Code or symbolic debugging information, or impose a significant runtime overhead, which limits their applicability for the protection of third-party applications. Aiming for a practical mitication against ROP attacks, we introduce in-place Code randomization, a software diversification technique that can be applied directly on third-party software. Our method uses various narrow-scope Code transformations that can be applied statically, without changing the location of basic blocks, allowing the safe randomization of stripped binaries even with partial disassembly coverage. We demonstrate how in-place Code randomization can prevent the exploitation of vulnerable Windows 7 applications, including Adobe Reader, as well as the automated construction of reliable ROP payloads.

    Free Register to Access Article

  • smashing the gadgets hindering return oriented programming using in place Code randomization
    IEEE Symposium on Security and Privacy, 2012
    Co-Authors: Vasilis Pappas, Michalis Polychronakis, Angelos D. Keromytis

    Abstract:

    The wide adoption of non-executable page protections in recent versions of popular operating systems has given rise to attacks that employ return-oriented programming (ROP) to achieve Arbitrary Code Execution without the injection of any Code. Existing defenses against ROP exploits either require source Code or symbolic debugging information, or impose a significant runtime overhead, which limits their applicability for the protection of third-party applications. In this paper we present in-place Code randomization, a practical mitigation technique against ROP attacks that can be applied directly on third-party software. Our method uses various narrow-scope Code transformations that can be applied statically, without changing the location of basic blocks, allowing the safe randomization of stripped binaries even with partial disassembly coverage. These transformations effectively eliminate about 10%, and probabilistically break about 80% of the useful instruction sequences found in a large set of PE files. Since no additional Code is inserted, in-place Code randomization does not incur any measurable runtime overhead, enabling it to be easily used in tandem with existing exploit mitigations such as address space layout randomization. Our evaluation using publicly available ROP exploits and two ROP Code generation toolkits demonstrates that our technique prevents the exploitation of the tested vulnerable Windows 7 applications, including Adobe Reader, as well as the automated construction of alternative ROP payloads that aim to circumvent in-place Code randomization using solely any remaining unaffected instruction sequences.

    Free Register to Access Article

  • IEEE Symposium on Security and Privacy – Smashing the Gadgets: Hindering Return-Oriented Programming Using In-place Code Randomization
    2012 IEEE Symposium on Security and Privacy, 2012
    Co-Authors: Vasilis Pappas, Michalis Polychronakis, Angelos D. Keromytis

    Abstract:

    The wide adoption of non-executable page protections in recent versions of popular operating systems has given rise to attacks that employ return-oriented programming (ROP) to achieve Arbitrary Code Execution without the injection of any Code. Existing defenses against ROP exploits either require source Code or symbolic debugging information, or impose a significant runtime overhead, which limits their applicability for the protection of third-party applications. In this paper we present in-place Code randomization, a practical mitigation technique against ROP attacks that can be applied directly on third-party software. Our method uses various narrow-scope Code transformations that can be applied statically, without changing the location of basic blocks, allowing the safe randomization of stripped binaries even with partial disassembly coverage. These transformations effectively eliminate about 10%, and probabilistically break about 80% of the useful instruction sequences found in a large set of PE files. Since no additional Code is inserted, in-place Code randomization does not incur any measurable runtime overhead, enabling it to be easily used in tandem with existing exploit mitigations such as address space layout randomization. Our evaluation using publicly available ROP exploits and two ROP Code generation toolkits demonstrates that our technique prevents the exploitation of the tested vulnerable Windows 7 applications, including Adobe Reader, as well as the automated construction of alternative ROP payloads that aim to circumvent in-place Code randomization using solely any remaining unaffected instruction sequences.

    Free Register to Access Article