An initial evaluation of ROP-based JIT-compilation

Return-oriented programming (ROP) is a security exploit technique that allows an attacker to execute code in the presence of security defences. By modifying the contents of the runtime stack, the program control flow can be changed to execute specific machine sequences called gadgets. This new way of thinking about program flow may be useful for improving the runtime performance of specific language features such as structural reflection, dynamic code evaluation, and function composition. This article presents an initial evaluation of ROP as a JIT-compilation technique. We compare runtime performance, memory consumption and compilation time of four different back-ends, including ROP, of a simple stack-based virtual machine.

Download: An initial evaluation of ROP-based JIT-compilation

Posted in publications

Proactive detection of kernel-mode rootkits

The sophistication of malicious software (malware)
used to break the computer security has increased
exponentially in the last years. Frequently, malware is hidden
into a computer by software components called rootkits.
Therefore, early detection of rootkits is of primary importance
to avoid the uncontrolled operation of malware. Most of
current techniques for rootkit detection only allow a late
detection after the malware has already been hidden by a
rootkit. In this paper, a new technique is presented that
enables the proactive detection of rootkits while they are
hiding malware, and therefore, allowing that hiding can be
avoided. The technique has been designed for rootkits that
operate in kernel-mode. This rootkits are particularly difficult
to detect because both the detector and the rootkit are executed
with the same privileges. This technique can be used to
improve the detection capabilities of intrusion detection and
prevention systems.

Download: ARES

Tagged with:
Posted in publications

Rootkits survey: a concealment story

Computer security is an old problem, as old as
computers themselves. The evolution of computer threats has
also experienced an exponential complexity development, being
the last example of that evolution the malware categorized as
rootkits or stealth malware. A rootkit is code that is used by an
attacker to keep the legitimate users and administrators of a
system unaware of the code, and thus the attacker’s presence
on the compromised system. This paper will discuss the history
of rootkits from the basic modification of system binaries to the
cutting edge research being develop today. A discussion of each
type of rootkit will be followed by an overview of rootkit
detection techniques and how to know when a rootkit has been
deployed. Finally new techniques and research directions will
be discussed.

Download: Survey

Tagged with:
Posted in publications
In Archive