Crane, Stephen ; Liebchen, Christopher ; Homescu, Andrei ; Davi, Lucas ; Larsen, Per ; Sadeghi, Ahmad-Reza ; Brunthaler, Stefan ; Franz, Michael (2015)
Readactor: Practical Code Randomization Resilient to Memory Disclosure.
Conference publication, Bibliography
Abstract
Code-reuse attacks such as return-oriented programming (ROP) pose a severe threat to modern software. Designing practical and effective defenses against code-reuse attacks is highly challenging. One line of defense builds upon fine-grained code diversification to prevent the adversary from constructing a reliable code-reuse attack. However, all solutions proposed so far are either vulnerable to memory disclosure or are impractical for deployment on commodity systems. In this paper, we address the deficiencies of existing solutions and present the first practical, fine-grained code randomization defense, called Readactor, resilient to both static and dynamic ROP attacks. We distinguish between direct memory disclosure, where the attacker reads code pages, and indirect memory disclosure, where attackers use code pointers on data pages to infer the code layout without reading code pages. Unlike previous work, Readactor resists both types of memory disclosure. Moreover, our technique protects both statically and dynamically generated code. We use a new compiler-based code generation paradigm that uses hardware features provided by modern CPUs to enable execute-only memory and hide code pointers from leakage to the adversary. Finally, our extensive evaluation shows that our approach is practical---we protect the entire Google Chromium browser and its V8 JIT compiler---and efficient with an average SPEC CPU2006 performance overhead of only 6.4%.
Item type: | Conference publication |
---|---|
Published: | 2015 |
Author(s): | Crane, Stephen ; Liebchen, Christopher ; Homescu, Andrei ; Davi, Lucas ; Larsen, Per ; Sadeghi, Ahmad-Reza ; Brunthaler, Stefan ; Franz, Michael |
Type of entry: | Bibliography |
Title: | Readactor: Practical Code Randomization Resilient to Memory Disclosure |
Language: | German |
Year of publication: | May 2015 |
Book title: | 36th IEEE Symposium on Security and Privacy (Oakland) |
Uncontrolled keywords: | ICRI-SC;Secure Things;Solutions;S2 |
ID number: | TUD-CS-2015-0035 |
Department(s)/division(s): | 20 Department of Computer Science; 20 Department of Computer Science > System Security; DFG Collaborative Research Centres (incl. Transregio); DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres; Profile Areas; Profile Areas > Cybersecurity (CYSEC); LOEWE; LOEWE > LOEWE Centres; LOEWE > LOEWE Centres > CASED – Center for Advanced Security Research Darmstadt; DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > SFB 1119: CROSSING – Cryptography-based security solutions as a basis for trust in current and future IT systems |
Date deposited: | 04 Aug 2016 10:13 |
Last modified: | 03 Jun 2018 21:31 |