StackArmor: Comprehensive Protection from Stack-based Memory Error Vulnerabilities for Binaries

Chen, Xi; Slowinska, Asia; Andriesse, Dennis; Bos, Herbert; Giuffrida, Cristiano

doi:10.14722/ndss.2015.23248

Cited by 70 publications

(49 citation statements)

References 54 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…MvArmor implements this novel technique for all the heap objects, by using the standard "compact" allocator in the leader and a custom "sparse" allocator in the followers. Extending such guarantees to all the other memory objects is, in principle, possible, but source-level information is generally necessary to accurately decouple stack [47] and data [48] objects-although binary-level approximations are at times possible [49].…”

Section: A Variant Generatormentioning

confidence: 99%

Secure and Efficient Multi-Variant Execution Using Hardware-Assisted Process Virtualization

Koning

Bos

Giuffrida

2016

2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

Self Cite

View full text Add to dashboard Cite

Memory error exploits rank among the most serious security threats. Of the plethora of memory error containment solutions proposed over the years, most have proven to be too weak in practice. Multi-Variant eXecution (MVX) solutions can potentially detect arbitrary memory error exploits via divergent behavior observed in diversified program variants running in parallel. However, none have found practical applicability in security due to their non-trivial performance limitations. In this paper, we present MvArmor, an MVX system that uses hardware-assisted process virtualization to monitor variants for divergent behavior in an efficient yet secure way. To provide comprehensive protection against memory error exploits, MvArmor relies on a new MVX-aware variant generation strategy. The system supports user-configurable security policies to tune the performance-security trade-off. Our analysis shows that MvArmor can counter many classes of modern attacks at the cost of modest performance overhead, even with conservative detection policies.

show abstract

Section: A Variant Generatormentioning

confidence: 99%

Secure and Efficient Multi-Variant Execution Using Hardware-Assisted Process Virtualization

Koning

Bos

Giuffrida

2016

2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

Self Cite

View full text Add to dashboard Cite

show abstract

“…Memory safety -various-[4]- [6], [13], [36], [45] Mostly source code () -see §VII-E CPI/CPS [31] Source code / [52] that solely aim at constraining indirect calls and jumps but not returns. As such, taken for itself, forward-edge CFI does not prevent ROP in any way.…”

Section: C++-aware Cfimentioning

confidence: 99%

“…Systems that provide forms of memory safety for C/C++ applications [4]- [6], [13], [31], [36], [45] can constitute strong defenses against control-flow hijacking attacks in general. As our adversary model explicitly foresees an initial memory corruption and information leak (see §III-B), we do not explore the defensive strengths of these systems in detail.…”

Section: E Memory Safetymentioning

confidence: 99%

“…In other words, code reuse attacks cannot be instantiated, if spatial memory corruptions like buffer overflows and temporal memory corruptions like use-after-free conditions are prevented in the first place [51]. Indeed, a large number of techniques have been proposed that provide means of spatial memory safety [5], [6], temporal memory safety [4], or both [13], [31], [36], [45]. On the downside, for precise guarantees, these techniques typically require access or even changes to an application's source code and may incur considerable overhead.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications

Schuster

Tendyck

Liebchen

et al. 2015

2015 IEEE Symposium on Security and Privacy

270

191

View full text Add to dashboard Cite

Code reuse attacks such as return-oriented programming (ROP) have become prevalent techniques to exploit memory corruption vulnerabilities in software programs. A variety of corresponding defenses has been proposed, of which some have already been successfully bypassed-and the arms race continues.In this paper, we perform a systematic assessment of recently proposed CFI solutions and other defenses against code reuse attacks in the context of C++. We demonstrate that many of these defenses that do not consider object-oriented C++ semantics precisely can be generically bypassed in practice. Our novel attack technique, denoted as counterfeit object-oriented programming (COOP), induces malicious program behavior by only invoking chains of existing C++ virtual functions in a program through corresponding existing call sites. COOP is Turing complete in realistic attack scenarios and we show its viability by developing sophisticated, real-world exploits for Internet Explorer 10 on Windows and Firefox 36 on Linux. Moreover, we show that even recently proposed defenses (CPS, T-VIP, vfGuard, and VTint) that specifically target C++ are vulnerable to COOP. We observe that constructing defenses resilient to COOP that do not require access to source code seems to be challenging. We believe that our investigation and results are helpful contributions to the design and implementation of future defenses against controlflow hijacking attacks.

show abstract

“…This, however, comes with significant overhead and is impractical using software alone [2]. Because of this, many implementations have attempted to use coarse-grained CFI [11,31,41]. Coarse-grained CFI sacrifices the completeness of the control-flow graph to improve performance [14,18].…”

Section: Listing 1: Sample Instrumented Codementioning

confidence: 99%

On the Effectiveness of Hardware Enforced Control Flow Integrity

Gadient¹

2018

Proceedings of the 51st Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

Defenses such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), and stack canaries have been circumvented by recent exploits. As a result, security researchers have turned towards Control Flow Integrity (CFI) to defend systems. Previous attempts to achieve CFI have tried to remain efficient and practical, but were exploitable. The NSA proposed a CFI system which integrates new hardware and program instrumentation. The purpose of this research is to assess and improve this proposal. In this paper, the system is exploited through the development of simple, vulnerable programs. It is shown to be effective in mitigating Jump Oriented Programming (JOP) attacks through an algorithm introduced as part of this work. Finally, different approaches are proposed to improve upon this system while their merits and issues are assessed.

show abstract

StackArmor: Comprehensive Protection from Stack-based Memory Error Vulnerabilities for Binaries

Cited by 70 publications

References 54 publications

Secure and Efficient Multi-Variant Execution Using Hardware-Assisted Process Virtualization

Secure and Efficient Multi-Variant Execution Using Hardware-Assisted Process Virtualization

Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications

On the Effectiveness of Hardware Enforced Control Flow Integrity

Contact Info

Product

Resources

About