
Code-Reuse Attacks in Managed Programming Languages and Runtimes

Time: Fri 2024-11-01 09.00

Location: E2, 1337, Osquars backe 2

Video link: https://kth-se.zoom.us/s/67516226890

Language: English

Subject area: Computer Science

Doctoral student: Mikhail Shcherbakov, Teoretisk datalogi, TCS, Language-Based Security

Opponent: Associate Professor Yinzhi Cao, Johns Hopkins University, Baltimore, MD, USA

Supervisor: Associate Professor Musard Balliu, Teoretisk datalogi, TCS; Professor Mads Dam, Teoretisk datalogi, TCS


QC 20241014

Abstract

The ubiquity of digital systems in modern society highlights the critical importance of software security. As applications grow in complexity, the threats targeting them have also become more sophisticated. Managed programming languages such as C# and JavaScript, widely used in modern software development, support memory safety properties to avoid common vulnerabilities like buffer overflows. However, while these languages guard against many traditional memory corruption issues, they are not impervious to all forms of attack. Code-reuse attacks represent a significant threat within this context, as they exploit the program's logic, allowing attackers to repurpose existing code within the system to achieve malicious objectives.

Code-reuse attacks present a unique challenge in managed languages because they manipulate legitimate code fragments, making detection and prevention particularly difficult. As these threats continue to evolve, it is increasingly vital to systematically understand and mitigate code-reuse attacks in memory-safe languages. This thesis addresses this challenge by investigating the vulnerabilities inherent in managed languages and their runtimes.

The thesis presents a new taxonomy for code-reuse attacks in managed languages and runtimes. This taxonomy systematically categorizes code-reuse attacks, identifying the key components and their combinations that lead to successful exploits. By offering a structured framework for understanding the key ingredients of code-reuse attacks, this work advances the field of software security. The thesis designs and implements scalable (static and dynamic) program analysis techniques for detecting two classes of code-reuse attacks: object injection vulnerabilities in C# and prototype pollution vulnerabilities in JavaScript. It focuses on the root causes of these attacks and provides systematic approaches for addressing them.
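As an added illustration (not code from the thesis or from its tools), the JavaScript below shows the prototype pollution class named above as a code-reuse problem: a recursive merge over attacker-controlled JSON writes into Object.prototype, after which an unrelated check that trusts an unset property misbehaves; the hardened merge beside it drops prototype-defining keys. The names PAYLOAD, isAdminSession, unsafeMerge, safeMerge and run are my own, and the payload is constructed for the example.

```javascript
// Constructed sample input: a parsed JSON body carrying a "__proto__" key.
const PAYLOAD = JSON.parse('{"name":"guest","__proto__":{"isAdmin":true}}');

// Unrelated code that trusts a property it never set itself: once
// Object.prototype carries isAdmin, every plain object inherits it.
function isAdminSession(session) {
  return session.isAdmin === true;
}

// Vulnerable recursive merge: copies every enumerable key, "__proto__" included.
function unsafeMerge(target, source) {
  for (const key in source) {
    const val = source[key];
    if (val !== null && typeof val === 'object' &&
        target[key] !== null && typeof target[key] === 'object') {
      unsafeMerge(target[key], val); // for "__proto__" this recurses into Object.prototype
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Hardened merge: own keys only, prototype-defining keys dropped,
// and nested containers created fresh instead of reusing inherited ones.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const val = source[key];
    if (val !== null && typeof val === 'object' && !Array.isArray(val)) {
      if (!hasOwn(target, key) || target[key] === null || typeof target[key] !== 'object') {
        target[key] = {};
      }
      safeMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Runs one merge, then reports whether a brand-new, unrelated object now
// passes the admin check and whether Object.prototype gained the property.
// Cleans up afterwards so the demonstration leaves no global side effect.
function run(merge) {
  try {
    merge({}, PAYLOAD);
    return {
      gadgetTriggered: isAdminSession({}),
      prototypePolluted: hasOwn(Object.prototype, 'isAdmin'),
    };
  } finally {
    delete Object.prototype.isAdmin;
  }
}
```

Running `run(unsafeMerge)` reports both flags true, while `run(safeMerge)` reports both false; a check of this kind (does a fresh `{}` inherit a property it should not?) is a cheap regression test for any deep-merge or config-loading helper.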

This work introduces four tools designed to identify and exploit code-reuse attacks in real-world applications: SerialDetector, Silent Spring, Dasty, and GHunter. We developed them to perform static and dynamic analyses, successfully identifying critical vulnerabilities in popular applications, libraries, and runtimes. We report the results of large-scale evaluations, demonstrating the effectiveness of these tools and our approaches in detecting and exploiting vulnerabilities that could lead to significant security breaches. The results of this work highlight the importance of ongoing research and development in the field of cybersecurity, particularly as threats continue to evolve and become more sophisticated.

urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-354771