The patent's assignee is
"In today's communication world, data presentation to a user is one of the most important and creative tasks. Especially, online data presentation mechanisms are significantly and drastically changing based on user's needs and expectations. For instance, content can now be presented to a user in text, image, audio, video, and embedded formats, among many other formats or combinations thereof.
"To represent these various types of formats, different programming techniques and file formats are being used. Flash format of Adobe is one such format, wherein Flash provides a multimedia platform that is used for adding animation, video, and interactivity to web pages. Flash is a tool for rich Internet applications and is used for advertisements, games and flash animation for broadcasting. Flash content can be displayed on various electronic devices and computer systems using Adobe Flash Player.
"Flash provides animation of text, drawings, and still images, supports bidirectional streaming of audio and video, and captures user input via mouse, keyboard, microphone, and camera.
"During execution of ActionScript code, the code is converted into ActionScript Byte Code (ABC) segments by a compiler and is stored in an
"Adobe Flash files are stored in ShockWave Flash (SWF) format, with a .swf extension for using multimedia, vector graphics and ActionScript. SWF is a widely used format for displaying 'animated' vector graphics on the Web. It is also used for programs, commonly browser games, using ActionScript. It is also pertinent to note that with growing emphasis on development of computer software that handles user data, various threats including hacking, phishing, malware, and viruses are also now becoming common mechanisms for breach of security and access to crucial information. To handle these threats, various protection measures and systems are implemented to provide safety and security to users of the Internet. However, hackers, commonly called as attackers, tend to find alternatives to attack end user systems, for example.
"Among various methods of hacking, use of exploits is a common method that attacker's use to attack users' computer systems. An exploit is a piece of software, a data chunk, or a sequence of commands, which take advantage of an error, fault, failure or vulnerability in a computer system, operating system, program or the like in order to cause unintended or unanticipated behavior to occur on a particular computer system. An exploit may result in denial of service or allow an attacker to access user data, perform arbitrary code execution or otherwise gain control of the computer system.
"Heap spraying is an exploiting technique commonly used to allow an attacker to execute commands of the attacker's choice on a user's computer or in a user's process. In general, exploit source code attempts to put a certain sequence of bytes at a predetermined location in heap memory of a user process by allocating blocks on the user's process heap and filling bytes in these blocks with appropriate values.
"A heap spray does not actually exploit any particular security issue, but instead makes various security issues easier to exploit. A heap spray can be used to introduce large amount of data, such as an address of a function the attacker desires to execute, into memory in order to increase the chances of successful exploitation. Heap sprays take advantage of the fact that on most architectures and operating systems, the start location of large heap allocations is predictable and consecutive allocations are roughly sequential. Therefore, the sprayed heap is roughly in the same location each and every time the heap spray is run. Heap spraying can be better explained with an example illustrated in the context of Flash files.
"In general, program code, also referred to as a process hereinafter, is initially stored in a specified memory location of a user's computer and is executed whenever the user calls it. The compiler goes to the memory location, fetches the code and executes the code. In case of a Flash file, the compiler fetches ActionScript code, converts it to
"An attacker may create code that implements a heap spray and inject the code into a user process that allocates heap memory. The heap spray code can be used to spray the heap with specific bytes, typically representing an address of a function or procedure the attacker desires to be executed. Then, once a vulnerability is exploited, the application code can be made to read the address from the sprayed heap, thereby allowing the attacker to control subsequent flow of execution.
"JIT spraying or Just-In-Time spraying is another type of exploit that impacts behavior of just-in-time compilation or dynamic compilation. JIT spraying bypasses two commonly used exploitation protection methods namely, Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR). JIT spraying is typically used to penetrate security features in PDF documents and Adobe's Flash technology. A JIT compiler produces code, which is stored in memory marked as executable. If the attacker's code is generated by the JIT engine, the exploit code will also reside in executable area. In other words, DEP or ASLR is not involved in protection of code emitted by the JIT compiler. The JIT spraying process basically compiles exploit code and proceeds to spray compiled code into the memory with enough instances of exploit code so as to overwhelm address space randomization and then execute the exploit itself.
"A common JIT spraying technique is to fill user code with many XORs that are done with a constant, which ultimately result in an encoding of a desired instruction or set of instructions. Then, if the attacker can transfer the execution, by pointing the instruction pointer to the sprayed heap, the exploit payload can take control of the system. One mechanism for implementing heap or JIT spraying and/or gaining control of the instruction pointer is by way of embedded flash. Embedded flash may be used within a Flash file to trigger a flash vulnerability. A flash exploit or an attacker specified Flash file is embedded in a user/container file such as in a PDF file, Flash file, office document and the like. The container typically performs heap spraying as the exploiting technique and the flash exploit is used to gain control of the flow of execution.
"Other features of embodiments of the present disclosure will be apparent from accompanying drawings and from detailed description that follows.
BRIEF DESCRIPTION OF THE DRAWINGS
"In the Figures, similar components and/or features may have the same reference label. Further, various components of the same type may be distinguished by following the reference label with a second label that distinguishes among the similar components. If only the first reference label is used in the specification, the description is applicable to any one of the similar components having the same first reference label irrespective of the second reference label.
"FIG. 2 illustrates exemplary functional units of ActionScript emulator in accordance with an embodiment of the present invention.
"FIG. 3 illustrates typical format of a SWF file.
"FIG. 4 is a flow diagram illustrating processing performed by a scanner in accordance with an embodiment of the present invention.
"FIG. 5 is a flow diagram illustrating processing performed by ActionScript Emulator in accordance with an embodiment of the present invention.
"FIG. 7 is an exemplary computer system in which or with which embodiments of the present invention may be utilized."
Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC
Most Popular Stories
- Islamic State Obliterating Cultural Landmarks in Mosul
- The 2014 Fastest-Growing 100
- 'Lucy's' Super Powers Tops 'Hercules' at Box Office
- Boehner Says Impeachment Talk Is Democrat Scam
- You're So Vain: Microsoft to Launch First 'Selfie Phone'
- VW Site Could Mean Another 2,000 Jobs for Chattanooga
- U.S. Home Price Gains Slow for 6th Month in a Row
- RV Sales See Highest Increase Post Great Recession
- Report: China to Declare Qualcomm a Monopoly
- Insecticides Permeate U.S. Food, Water Supply