1,056 research outputs found

    ROPocop - Dynamic Mitigation of Code-Reuse Attacks

    Control-flow attacks, usually achieved by exploiting a buffer-overflow vulnerability, have been a serious threat to system security for over fifteen years. Researchers have answered the threat with various mitigation techniques, but nevertheless, new exploits that successfully bypass these technologies still appear on a regular basis. In this paper, we propose ROPocop, a novel approach for detecting and preventing the execution of injected code and for mitigating code-reuse attacks such as return-oriented programming (RoP). ROPocop uses dynamic binary instrumentation, requiring neither access to source code nor debug symbols or changes to the operating system. It mitigates attacks by both monitoring the program counter at potentially dangerous points and by detecting suspicious program flows. We have implemented ROPocop for Windows x86 using PIN, a dynamic program instrumentation framework from Intel. Benchmarks using the SPEC CPU2006 suite show an average overhead of 2.4x, which is comparable to similar approaches, which give weaker guarantees. Real-world applications show only an initially noticeable input lag and no stutter. In our evaluation our tool successfully detected all 11 of the latest real-world code-reuse exploits, with no false alarms. Therefore, despite the overhead, it is a viable, temporary solution to secure critical systems against exploits if a vendor patch is not yet available

    Analyzing the Gadgets Towards a Metric to Measure Gadget Quality

    Current low-level exploits often rely on code-reuse, whereby short sections of code (gadgets) are chained together into a coherent exploit that can be executed without the need to inject any code. Several protection mechanisms attempt to eliminate this attack vector by applying code transformations to reduce the number of available gadgets. Nevertheless, it has emerged that the residual gadgets can still be sufficient to conduct a successful attack. Crucially, the lack of a common metric for "gadget quality" hinders the effective comparison of current mitigations. This work proposes four metrics that assign scores to a set of gadgets, measuring quality, usefulness, and practicality. We apply these metrics to binaries produced when compiling programs for architectures implementing Intel's recent MPX CPU extensions. Our results demonstrate a 17% increase in useful gadgets in MPX binaries, and a decrease in side-effects and preconditions, making them better suited for ROP attacks. Comment: International Symposium on Engineering Secure Software and Systems, Apr 2016, London, United Kingdo

    A work-in-progress politics of space: Activist projects and the negotiation of throwntogetherness within the hostile environment of Hungarian politics

    For Doreen Massey, space is a challenge of multiplicity, encounter and relation: a ‘throwntogetherness’ that demands ongoing negotiation. Space, Massey argues, is open—it is capable of being made otherwise. Drawing on Massey’s ideas, this essay reflects on the everyday political work of community projects to open up space for new possibilities of living with difference within hostile political environments. Through a combination of ethnographic storytelling, photography and diagrammatic sketches, I follow ‘stories-so-far’ from the Auróra community centre in Budapest, Hungary and its members’ project to build a community garden. Rather than focus on prevailing discourses which frame Hungarian politics as a battle between an illiberal government and a liberal opposition, I shift attention to everyday experiences of this hostile political environment by examining projects as mundane and local techniques through which community groups describe, assemble, and work on their own better possible futures. In so doing, I also argue for a praxeological, rather than ontological reading of Massey’s work: rather than presuming a priori that all space is open, we should follow Massey in analysing the situated and ongoing ‘terms of engagement’ through which people open up—and close down—better possible spaces and better ways of living with difference

    SPATIAL AND TEMPORAL DISTRIBUTION OF HYDROTHERMAL MINERALS AND SOURCES OF HYDROTHERMAL FLUIDS INFERRED FROM LIGHT STABLE ISOTOPES, KEWEENAW PENINSULA NATIVE COPPER DISTRICT, MICHIGAN

    Hydrothermal native copper deposits are hosted by Mesoproterozoic Midcontinent Rift-filling volcanic and sedimentary rocks in Michigan’s Keweenaw Peninsula. The genesis of the native copper deposits has been a point of interest since their discovery. Native copper and associated mineral assemblages vary temporally and spatially. A refined mineral paragenesis is presented and used as the basis to spatially compare mineral assemblages as it is essential that spatial comparison involve only minerals that are temporally/genetically, related to each other. The main-stage minerals associated with precipitation of native copper are spatially zoned. The higher-grade zones correspond to the area of native copper deposits and cross-cut stratigraphy. Late-stage minerals are superimposed on main-stage minerals and are not spatially zoned. The mineral assemblages can be equated to temperature of precipitation through previously published experimental metamorphic petrology, mineral chemistry, and stable isotope pairs. Synthesis of previously published and new light stable isotopic data on hydrothermal minerals are used to draw inferences about the sources of the hydrothermal fluids. The equated temperatures of precipitation with isotopic fractionation equations are used to calculate the isotopic composition of the hydrothermal fluids. The oxygen isotopic composition of main-stage hydrothermal fluids based on isotopic composition of calcite, quartz, and chlorite, when combined with limited hydrogen isotope data for chlorite, epidote, and pumpellyite infer that the fluids were generated by metamorphogenic processes. These copper-bearing hydrothermal/metamorphogenic fluids rose from the deep source zone and mixed with meteoric waters in the zone of precipitation of native copper and associated minerals. Prior to mixing, the relatively shallow meteoric waters may have evolved in the rift-filling clastic sedimentary rocks overlying rift-filling basalts. 
Main-stage calcite can be distinguished from late-stage calcite by oxygen and carbon isotopes suggesting a different source of the late-stage hydrothermal fluids. The late-stage hydrothermal fluids are primarily meteoric waters although the meteoric waters may also have evolved in the rift-filling sedimentary rocks. Mixing of late-stage fluids with metamorphogenic fluids cannot be precluded. This study confirms the long-held hypothesis that the native copper precipitating hydrothermal fluids were generated by burial metamorphism. The hypothesis that fluid mixing was a mechanism promoting precipitation of native copper is supported by this study. In contrast, post-native copper late-stage fluids are dominantly meteoric water

    Tangible Cash for an Intangible Loss? Insurance Coverage for Damage or Loss or Third-Party Data

    Will general business insurance cover liability for electronic data loss? A recent change to Commercial General Liability language specifies that data is not “tangible property” for CGL coverage. However, many companies may still be covered by older policies that do not contain this express exclusion. Case law interpreting the older policy language tends to deny coverage for the lost data itself, but successful claims have been made based on the loss of use of hardware caused by a data loss

    Pop Goes the Trademark? Competitive Advertising on the Internet

    The rights and obligations of online advertisers are uncertain in light of recent technological developments. There is not yet a consensus regarding the application of existing advertising law doctrines to the use of trademarks to trigger search result ads or “pop-up” ads on the Internet. However, the developing majority position will allow trademark-triggered ads that properly identify their source, and whose content is not confusing to consumers. In addition, pending legislation may restrict or even outlaw adware

    Working through our differences: Limits of ontology in the ordinary lives of critical geographical theory

    You won’t get far in geographical theory today without bumping into one ontology or another. Metaphysical assertions about key spatial concepts – ‘space is open’, ‘community is exclusionary’, ‘the political is agonistic’ – guide empirical analysis. In this mode of theorising, the vocation of critical geography is to correct conceptual misunderstandings and thereby direct political action. Curiously perhaps, the geographer becomes one who – in the name of emancipatory projects – points people to their proper place. An alternative approach to critical theory might consider instead how people place themselves. Just such a concern animates the varied enterprises operating under the name of ordinary language philosophy. This article examines how philosophies of ordinary language might contribute to new avenues of geographical research by examining the relationship between Stanley Cavell's writings on the human voice as a site of embodied and passionate response and Clive Barnett's call for an action-theoretic approach to social inquiry as an alternative to ontological critique. Taken together, their work recommends a programme of inquiry into ordinary critical geographies: how people circumstantiate the meaning, worth and wisdom of their actions, and, in doing so, work to place themselves in the world

    Taxation of Merchants' and Manufacturers' Stock


    Class Actions Scuttled in Lake Champlain
