Abstract

Address Space Layout Randomization (ASLR) and Control Flow Integrity (CFI) have been regarded as the most effective defenses against control flow hijacking attacks. However, researchers have recently shown that data-oriented attacks can circumvent both ASLR and CFI, and are even Turing-complete. These attacks often leverage encapsulated data structures to achieve malicious behaviors. To defeat data structure oriented attacks (DSOA), we propose data structure layout randomization techniques. Our method not only randomizes the data structure layout at compile time, but also inserts padding bytes to increase entropy. Experimental results show that our method can defeat DSOA with low performance overhead (2.1% on average).
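The two mechanisms named in the abstract, field reordering and padding insertion, can be sketched as follows. This is an added example, not code from the paper: it computes at run time the kind of layout a compiler pass would pick once per build, and the field set, the xorshift32 seed source, and the padding cap are all assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#define NFIELDS 4
#define MAX_PAD 3 /* assumption: at most 3 alignment units of padding per field */
typedef struct { const char *name; size_t size, align; } field_t;
typedef struct { size_t offset[NFIELDS], total; } layout_t;

/* Constructed sample: fields of a hypothetical session record. */
static const field_t FIELDS[NFIELDS] = {
    {"name", 32, 1}, {"uid", 4, 4}, {"is_admin", 4, 4}, {"handler", 8, 8} };

/* xorshift32 PRNG, standing in for a per-build random seed (assumption). */
static uint32_t next_rand(uint32_t *s) {
    *s ^= *s << 13; *s ^= *s >> 17; *s ^= *s << 5;
    return *s;
}
static size_t align_up(size_t v, size_t a) { return (v + a - 1) / a * a; }

/* Shuffle the field order, then place each field after random padding. */
layout_t randomize_layout(uint32_t seed) {
    layout_t out;
    size_t order[NFIELDS] = {0, 1, 2, 3}, cursor = 0;
    uint32_t s = seed ? seed : 1; /* xorshift state must be non-zero */
    for (size_t i = NFIELDS - 1; i > 0; i--) { /* Fisher-Yates shuffle */
        size_t j = next_rand(&s) % (i + 1), t = order[i];
        order[i] = order[j]; order[j] = t;
    }
    for (size_t i = 0; i < NFIELDS; i++) {
        const field_t *f = &FIELDS[order[i]];
        cursor += (next_rand(&s) % (MAX_PAD + 1)) * f->align; /* random padding */
        out.offset[order[i]] = cursor = align_up(cursor, f->align);
        cursor += f->size;
    }
    out.total = align_up(cursor, 8); /* 8 = largest alignment in FIELDS */
    return out;
}

/* Returns 1 if every field is aligned, in bounds and overlaps no other. */
int layout_is_valid(const layout_t *l) {
    for (size_t i = 0; i < NFIELDS; i++) {
        size_t a = l->offset[i], end = a + FIELDS[i].size;
        if (a % FIELDS[i].align || end > l->total) return 0;
        for (size_t j = i + 1; j < NFIELDS; j++)
            if (a < l->offset[j] + FIELDS[j].size && l->offset[j] < end) return 0;
    }
    return 1;
}
```

Because both the order and the gaps depend on the seed, the distance between any two fields is no longer a constant that holds across builds.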
