Android security weaknesses caused by performance design identified

Georgia Tech researchers have identified a weakness in one of the security features of Android and will present their work at Black Hat USA 2014 in Las Vegas, August 6 to 7. (BD IT TALK)
The research, entitled Abusing Performance Optimization Weaknesses to Bypass ASLR, identifies an Android performance feature that weakens a software protection called Address Space Layout Randomization (ASLR), leaving software components vulnerable to attacks that bypass the protection. The work is intended to help security professionals recognize and understand the future direction of these attacks.
The work was carried out at the Georgia Tech Information Security Center (GTISC) by doctoral students Byoungyoung Lee and Yeongjin Jang and researcher Tielei Wang. It shows that introducing performance optimization features can inadvertently damage the security guarantees of an otherwise vetted system. In addition to describing how the vulnerabilities arise from such designs, the researchers show actual attacks that exploit them.
"In order to optimize object tracking for some programming languages, interpreters for the languages may leak address information," said Lee, principal investigator of the effort. "As a concrete example, we will show how address information can be leaked in the Safari web browser by simply running a little JavaScript."
Bypassing ASLR using hash table leaks had been thought obsolete because of its complexity. By thoroughly investigating different language implementations and presenting specific attacks, the research aims to show that the problem is still relevant.
"As part of our presentation, we will present an analysis of the Android Zygote process creation model," Lee said. "The results show that Zygote weakens ASLR because all applications are created with largely identical memory layouts. To highlight the problem, we show two ASLR bypass attacks with real-world applications - Google Chrome and VLC Media Player."
The Black Hat Briefings were created about 16 years ago to provide information security professionals a place to learn about the latest information security risks, research and developments.
Presented by the brightest in the industry, the briefings range from critical information infrastructure to computer systems prevalent in society to the latest INFOSEC research and development. The briefings are vendor-neutral, so presenters can speak openly about real problems and possible solutions in both the public and private sectors.