Diversifying the Software Stack Using Randomized NOP Insertion

Jackson, Todd; Homescu, Andrei; Crane, Stephen; Larsen, Per; Brunthaler, Stefan; Franz, Michael

doi:10.1007/978-1-4614-5416-8_8

Cited by 37 publications

(24 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Memory disclosure may take the form of direct memory leakage [53] (i.e., as part of the system output), or it can take the form of indirect memory leakage, where fault or timing side-channel analysis attacks are used to leak the contents of memory [9,47]. Other forms of randomization-based techniques include instruction set randomization (ISR) [8] or the multicompiler techniques [26]. Unfortunately, they are also vulnerable to information leakage attacks [53,47].…”

Section: Introductionmentioning

confidence: 99%

Missing the Point(er): On the Effectiveness of Code Pointer Integrity

Evans

Fingeret

González

et al. 2015

2015 IEEE Symposium on Security and Privacy

117

View full text Add to dashboard Cite

Abstract-Memory corruption attacks continue to be a major vector of attack for compromising modern systems. Numerous defenses have been proposed against memory corruption attacks, but they all have their limitations and weaknesses. Stronger defenses such as complete memory safety for legacy languages (C/C++) incur a large overhead, while weaker ones such as practical control flow integrity have been shown to be ineffective. A recent technique called code pointer integrity (CPI) promises to balance security and performance by focusing memory safety on code pointers thus preventing most control-hijacking attacks while maintaining low overhead. CPI protects access to code pointers by storing them in a safe region that is protected by instruction level isolation. On x86-32, this isolation is enforced by hardware; on x86-64 and ARM, isolation is enforced by information hiding. We show that, for architectures that do not support segmentation in which CPI relies on information hiding, CPI's safe region can be leaked and then maliciously modified by using data pointer overwrites. We implement a proofof-concept exploit against Nginx and successfully bypass CPI implementations that rely on information hiding in 6 seconds with 13 observed crashes. We also present an attack that generates no crashes and is able to bypass CPI in 98 hours. Our attack demonstrates the importance of adequately protecting secrets in security mechanisms and the dangers of relying on difficulty of guessing without guaranteeing the absence of memory leaks.

show abstract

Section: Introductionmentioning

confidence: 99%

Missing the Point(er): On the Effectiveness of Code Pointer Integrity

Evans

Fingeret

González

et al. 2015

2015 IEEE Symposium on Security and Privacy

117

View full text Add to dashboard Cite

show abstract

“…By comparison, Jackson et al [30] reported higher overhead for their diversifying GCC and LLVM compilers. Similar to G-Free, their compiler adds alignment sleds in front of candidate gadgets in order to remove unintended gadgets from the binary.…”

Section: Custom Code Analysis and Code Generationmentioning

confidence: 96%

Cloning Your Gadgets: Complete ROP Attack Immunity with Multi-Variant Execution

Volckaert

Coppens

SutterMember

2016

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

Abstract-In this paper, we present Disjoint Code Layouts (DCL), a technique that complements Multi-Variant Execution [1] and W⊕X protection to effectively immunize programs against control flow hijacking exploits such as Return Oriented Programming (ROP) [2] and return-to-libc attacks [3]. DCL improves upon Address Space Partitioning (ASP), an earlier technique presented to defeat memory exploits. Unlike ASP, our solution keeps the full virtual address space available to the protected program. Additionally, our combination of DCL with Multi-Variant Execution is transparent to both the user and the programmer and incurs much less overhead than other ROP defense tools, both in terms of run time and memory footprint.

show abstract

“…No support for operating system diversification: In contrast, several compile-time diversification approaches support operating system protection [12], [27], [34]. Rewriting kernel code is not impossible but it is rather involved because kernels differ from application code in numerous ways.…”

Section: The Diversification Engine Increases the Trusted Computing Bmentioning

confidence: 99%

SoK: Automated Software Diversity

Larsen

Homescu

Brunthaler

et al. 2014

2014 IEEE Symposium on Security and Privacy

Self Cite

267

166

View full text Add to dashboard Cite

Abstract-The idea of automatic software diversity is at least two decades old. The deficiencies of currently deployed defenses and the transition to online software distribution (the "App store" model) for traditional and mobile computers has revived the interest in automatic software diversity. Consequently, the literature on diversity grew by more than two dozen papers since 2008.Diversity offers several unique properties. Unlike other defenses, it introduces uncertainty in the target. Precise knowledge of the target software provides the underpinning for a wide range of attacks. This makes diversity a broad rather than narrowly focused defense mechanism. Second, diversity offers probabilistic protection similar to cryptography-attacks may succeed by chance so implementations must offer high entropy. Finally, the design space of diversifying program transformations is large. As a result, researchers have proposed multiple approaches to software diversity that vary with respect to threat models, security, performance, and practicality.In this paper, we systematically study the state-of-the-art in software diversity and highlight fundamental trade-offs between fully automated approaches. We also point to open areas and unresolved challenges. These include "hybrid solutions", error reporting, patching, and implementation disclosure attacks on diversified software. I. MOTIVATIONAs modern society grows increasingly dependent on the digital domain, adversaries abound in cyberspace. In spite of the combined efforts of the security community, reports of major software vulnerabilities that put millions of users at risk continue to be the norm rather than the exception.Whereas diversity provides protection and resilience in nature, the commoditization of the computer systems has made them increasingly homogeneous with respect to hardware, operating systems, applications, and everything in between. Homogeneity and standardization provide economies of scale, consistent behavior, and simplify the logistics of distributing programs. We therefore live in a software mono-culture.Unfortunately, homogeneity has turned out to be a doubleedged sword [26]. An attacker can readily download an identical copy of the commodity software running on their victims' systems and probe it for vulnerabilities. After turning a vulnerability into an exploit, the attacker can target all systems running copies of the vulnerable program. In other words, the software mono-culture creates economies of scale for attackers, too.Artificial software diversity aims to increase the cost to attackers by randomizing implementation aspects of programs. This forces attackers to target each system individually, substantially raising the bar on mass scale exploitation. Without knowledge of the program implementation hosted on a particular system, targeted attacks become significantly harder, too.The idea of protecting programs with artificially generated diversity is at least two decades old [13]. However, compilerbased software diversity has only recently beco...

show abstract

Diversifying the Software Stack Using Randomized NOP Insertion

Cited by 37 publications

References 21 publications

Missing the Point(er): On the Effectiveness of Code Pointer Integrity

Missing the Point(er): On the Effectiveness of Code Pointer Integrity

Cloning Your Gadgets: Complete ROP Attack Immunity with Multi-Variant Execution

SoK: Automated Software Diversity

Contact Info

Product

Resources

About