In this paper, we show a significant design vulnerability in Windows CFG and propose a specific attack to exploit it: the Back to The Epilogue (BATE) attack. We show that with BATE an attacker can completely evade CFG and transfer control to any location, thus obtaining arbitrary code execution. BATE leverages the tradeoff of CFG between precision, performance, and backwards compatibility; in particular, the latter motivates 16-byte address granularity in some circumstances. This vulnerability, inherent to the CFG design, allows us to call portions of code (gadgets) that should not be allowed, and that we can chain together to escape CFG. These gadgets are very common: we ran a thorough evaluation of Windows system libraries, and found many high-value targets (exploitable gadgets in code loaded by almost all the applications on 32-bit systems and by web browsers on 64-bit). We also demonstrate the real-world feasibility of our attack by using it to build a remote code execution exploit against the Microsoft Edge web browser running on 64-bit Windows 10. Finally, we discuss possible countermeasures to BATE.
Autonomous robots will soon enter our everyday life as self-driving cars. These vehicles are designed to behave according to certain sets of cooperative rules, such as traffic rules, and to respond to events that might be unpredictable in their occurrence but predictable in their nature, such as a pedestrian suddenly crossing a street, or another car losing control. As civilian autonomous cars will cross the road, racing autonomous cars are under development, which will require superior Artificial Intelligence Drivers to perform in structured but uncertain conditions. We describe some preliminary results obtained during the development of a planning and control system as key elements of an Artificial Intelligence driver for the competition scenario.

Index Terms: Autonomous robots, self-driving vehicles, racing, robotics challenge.