ROP Gadgets hiding techniques in Open Source Projects

Prati, Marco (2012) ROP Gadgets hiding techniques in Open Source Projects. [Laurea magistrale], Università di Bologna, Corso di Studio in Ingegneria informatica [LM-DM270] - Cesena
Documenti full-text disponibili:
Documento PDF
Download (844kB) | Anteprima


Today there are many techniques that allows to exploit vulnerabilities of an application; there are also many techniques that are designed to stop these exploit attacks. This thesis wants to highlight how a specific type of attack, based on a technique called Return Oriented Programming (ROP), can be easily applied to binaries with particular characteristics. A new method that allows the injection of "useful" code in an Open Source projects without arousing suspicions is presented; this is possible because of the harmless aspects of the injected code. This useful code facilitate a ROP attack against an executable that contains vulnerable bugs. The injection process can be visualized in environment where an user can contribute with own code to a particular Open Source project. This thesis also highlights how current software protections are not correctly applied to Open Source project, thus enabling the proposed approach.

Tipologia del documento
Tesi di laurea (Laurea magistrale)
Autore della tesi
Prati, Marco
Relatore della tesi
Correlatore della tesi
Corso di studio
Ordinamento Cds
Parole chiave
ROP, Security, Buffer Overflows, Open Source, Exploit
Data di discussione della Tesi
20 Dicembre 2012

Altri metadati

Statistica sui download

Gestione del documento: Visualizza il documento