ASLR-Guard
- 12 October 2015
- conference paper
- Published by Association for Computing Machinery (ACM) in Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security
Abstract
A general prerequisite for a code reuse attack is that the attacker must locate code gadgets that perform the desired operations and then direct the control flow of a vulnerable application to those gadgets. Address Space Layout Randomization (ASLR) attempts to stop code reuse attacks by making the first part of this prerequisite unsatisfiable. However, research in recent years has shown that this protection is often defeated by commonly occurring information leaks, which give attackers clues about the whereabouts of certain code gadgets. In this paper, we present ASLR-Guard, a novel mechanism that completely prevents leaks of code pointers and renders other information leaks (e.g., leaks of data pointers) useless for deriving code addresses. The main idea behind ASLR-Guard is to separate code from data so that a leaked data pointer reveals nothing about code addresses, to provide secure storage for code pointers, and to encode code pointers whenever they are treated as data. ASLR-Guard can either prevent code pointer leaks or render such leaks harmless. That is, ASLR-Guard makes it impossible to overwrite code pointers with values that point to, or will hijack the control flow to, a desired address when the code pointers are dereferenced. We have implemented a prototype of ASLR-Guard, including a compilation toolchain and a C/C++ runtime. Our evaluation results show that (1) ASLR-Guard supports normal operations correctly; (2) it completely stops code address leaks and can resist recent sophisticated attacks; and (3) it imposes almost no runtime overhead (< 1%) on C/C++ programs in the SPEC benchmark. Therefore, ASLR-Guard is very practical and can be applied to secure many applications.
Funding Information
- DARPA Transparent Computing program (DARPA-15-15-TC-FP-006)
- ONR (N000140911042 and N000141512162)
- ETRI MSIP/IITP (B0101-15-0644)
- DHS (N66001-12-C-0133)
- United States Air Force (FA8650-10-C-7025)
- NSF award (CNS-1017265 CNS-0831300 CNS-1149051 and DGE-1500084)