Exploit Technique

14,000,000 Leading Edge Experts on the ideXlab platform

Scan Science and Technology

Contact Leading Edge Experts & Companies

The Experts below are selected from a list of 6 Experts worldwide ranked by ideXlab platform

Zhang Yining - One of the best experts on this subject based on the ideXlab platform.

Ian G. Harris - One of the best experts on this subject based on the ideXlab platform.

  • Return-oriented vulnerabilities in ARM executables
    2012 IEEE Conference on Technologies for Homeland Security (HST), 2012
    Co-Authors: Zi-shun Huang, Ian G. Harris
    Abstract:

    Return-oriented programming is a method of computer exploit technique which is growing in popularity among attackers because it enables the remote execution of arbitrary code without the need for code injection. Return-to-LibC (Ret2LibC) is the most common return-oriented attack in use today, allowing an attacker to leverage control of the stack to execute common library functions which are already present on the target system, such as LibC. ARM-based processors, commonly used in embedded systems, are not directly vulnerable to Ret2LibC attacks because function arguments in the ARM are passed through registers rather than the stack. In 2011 Itzhak Avraham presented a new Return-to-Zero-Protection (Ret2ZP) attack against ARM processors which enables the same control as a Ret2LibC attack. Our research contribution is to provide a formal definition of the Ret2ZP attack and to define an algorithm to detect vulnerabilities to Ret2ZP in ARM executables. Our algorithm for detecting vulnerabilities can be used to screen executables for vulnerabilities before they are deployed.

Zi-shun Huang - One of the best experts on this subject based on the ideXlab platform.

  • Return-oriented vulnerabilities in ARM executables
    2012 IEEE Conference on Technologies for Homeland Security (HST), 2012
    Co-Authors: Zi-shun Huang, Ian G. Harris