
Code Pointer Examination in Modern Browsers


Supervisor(s): Thomas Kittel, Julian Kirsch
Status: finished
Topic: Software testing
Author: Felix Wruck
Submission: 2016-10-17
Type of Thesis: Bachelor's thesis
Proof of Concept: No

Abstract:

One of the most dangerous classes of computer attacks today is the class based on code-reuse techniques. Various approaches have been developed to tackle this issue. However, each of these approaches has its particular strengths and weaknesses, and none of them has successfully stopped code-reuse attacks. In 2015 a novel approach, Code Pointer Examination, was published. The original publication presents the approach along with a proof-of-concept implementation that is able to detect data-only malware inside the Linux kernel. However, the applicability of Code Pointer Examination in userspace has not been analyzed. This thesis therefore aims to analyze the applicability of Code Pointer Examination for the detection of code-reuse attacks in userspace applications. To do so, the applicability is analyzed using two sample userspace applications. The architectural aspects of these applications that are relevant to Code Pointer Examination are analyzed. A code pointer analysis component is implemented by building on top of the existing Code Pointer Examination framework from the initial publication. The results obtained by the analysis component are then evaluated. Finally, the implications of the obtained results for the applicability of Code Pointer Examination to userspace programs are analyzed.