Improvement of Runtime Intrusion Prevention Evaluator (RIPE)
  • Journal title : Journal of KIISE
  • Volume 42, Issue 8, 2015, pp. 1049-1056
  • Publisher : Korean Institute of Information Scientists and Engineers
  • DOI : 10.5626/JOK.2015.42.8.1049
 Title & Authors
Improvement of Runtime Intrusion Prevention Evaluator (RIPE)
Lee, Hyungyu; Lee, Damho; Kim, Taehwan; Cho, Donghwang; Lee, Sanghoon; Kim, Hoonkyu; Pyo, Changwoo
 
 Abstract
Runtime Intrusion Prevention Evaluator (RIPE), published in 2011, is a benchmark suite for evaluating mitigation techniques against 850 attack patterns, all of which use buffer overflows. Because RIPE is built as a single process, the defense and attack routines necessarily share process state and address space layout when RIPE is run. As a result, attack routines can access the memory of the defense routines without restriction. We separate RIPE into two independent processes, one for defense and one for attack, so that mitigations based on confidentiality, such as address space layout randomization, are evaluated properly. In addition, we add an execution mode that tests robustness against brute-force attacks. Finally, we extend RIPE with 38 attack forms that perform format string attacks and virtual table (vtable) hijacking attacks. The revised RIPE contributes to the diversification of attack patterns and to precise evaluation of the effectiveness of mitigations.
 Keywords
RIPE; buffer overflow; Address Space Layout Randomization (ASLR); format string attack; vtable hijacking
 Language
Korean