Abstract
Recent code reuse attacks are able to circumvent various address space layout randomization (ASLR) techniques by exploiting memory disclosure vulnerabilities. To mitigate sophisticated code reuse attacks, we proposed a light-weight virtual machine, ReRanz, which deploys a novel continuous binary code re-randomization to mitigate memory-disclosure-oriented attacks. In order to meet both security and performance goals, the costly code randomization operations are outsourced to a separate process, called the "shuffling process". The shuffling process continuously flushes the old code and replaces it with a fine-grained randomized code variant. ReRanz repeats this process each time an adversary might obtain the information and upload a payload, so that any address learned through a disclosure is stale by the time a payload built on it can be used. Our performance evaluation shows that the ReRanz virtual machine incurs a very low performance overhead. The security evaluation shows that ReRanz successfully protects the Nginx web server against the Blind-ROP attack.
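The abstract's argument is a timing one: a memory disclosure is only useful if the leaked address is still valid when the payload arrives. The following toy simulation, added here as an illustration and not code from the ReRanz project, models a code region of N functions whose order is permuted by a "shuffling process" between two adversary interactions, and measures how often a payload built from a leaked address still lands on the intended function. Function names, addresses and the region layout are constructed for the example.

```python
import random

# Constructed toy model (not ReRanz's own code): a code region holding
# N fixed-size functions. "Fine-grained randomization" is modelled as a
# fresh random permutation of the function order inside the region.
REGION_BASE = 0x400000   # assumed base of the code region
FUNC_SIZE = 0x100        # assumed size of every function slot


class CodeLayout:
    def __init__(self, names, rng):
        self.names = list(names)
        self.rng = rng
        self.addr = {}
        self.shuffle()

    def shuffle(self):
        """The shuffling process: replace the code with a freshly permuted variant."""
        order = self.names[:]
        self.rng.shuffle(order)
        self.addr = {n: REGION_BASE + i * FUNC_SIZE for i, n in enumerate(order)}

    def leak(self, name):
        """Memory-disclosure oracle: the current address of `name`."""
        return self.addr[name]

    def resolve(self, address):
        """Which function a control transfer to `address` actually reaches now."""
        for name, a in self.addr.items():
            if a == address:
                return name
        return None


def two_step_attack(layout, target, rerandomize):
    """Disclose-then-use exploit split over two interactions (as in Blind ROP's
    repeated probing). Returns True if the stale address still reaches `target`."""
    leaked = layout.leak(target)          # interaction 1: address disclosed
    if rerandomize:
        layout.shuffle()                   # ReRanz re-randomizes in between
    return layout.resolve(leaked) == target  # interaction 2: payload uses it


def success_rate(n_funcs, trials, rerandomize, seed=1):
    """Fraction of trials in which the two-step attack reaches its target."""
    rng = random.Random(seed)
    names = [f"fn{i}" for i in range(n_funcs)]
    hits = 0
    for _ in range(trials):
        hits += two_step_attack(CodeLayout(names, rng), "fn0", rerandomize)
    return hits / trials
```

Without re-randomization the leaked address stays valid in every trial; with a shuffle between the two interactions the stale address hits the target only about 1/N of the time, which is the property the Nginx/Blind-ROP evaluation relies on.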
ReRanz: A Light-Weight Virtual Machine to Mitigate Memory Disclosure Attacks
VEE '17: Proceedings of the 13th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments