Code shredding: Byte-granular randomization of program layout for detecting code-reuse attacks

ACM International Conference Proceeding Series

Volumn , Issue , 2012, Pages 309-318

  Shioji, Eitaro ^a   Kawakoya, Yuhei ^a   Iwamura, Makoto ^a   Hariu, Takeo ^a  

^a NTT CORPORATION   (Japan)

Author keywords

[No Author keywords available]

Indexed keywords

ADDRESS SPACE; CHECKSUM; MEMORY ADDRESS; MEMORY SPACE; PROGRAM CODE; PROGRAM MODIFICATIONS; PROOF OF CONCEPT; PROTOTYPE SYSTEM; RECOMPILATION; SOFTWARE DEPLOYMENT;

DESIGN OF EXPERIMENTS; PROGRAM COMPILERS; RANDOM PROCESSES; SECURITY OF DATA; SECURITY SYSTEMS;

COMPUTER SOFTWARE REUSABILITY;

EID: 84872107648     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2420950.2420996     Document Type: Conference Paper

References (34)

1. MSDN Library, "Windows ISV Software Security Defenses," http://msdn.microsoft.com/en-us/library/bb430720.aspx
2. Android Developers, "Android 4.0 Platform Highlights," http://developer.android.com/sdk/android-4.0-highlights.html
3. G. S. Kc, Angelos D. Keromytis, and V. Prevelakis, "Countering code-injection attacks with instruction-set randomization," in Proc. of the 10th ACM conference on Computer and communications security (CCS '03), 2003.
4. c0ntex, "Bypassing non-executable-stack during exploitation using return-to-libc", http://www.infosecwriters.com/text-resources/pdf/return- to-libc.pdf
5. H. Shacham, "The geometry of innocent fiesh on the bone: Return-into-libc without function calls (on the x86)," in Proc. of the 14th ACM Conference on Computer and Communications Security (CCS '07), 2007.
6. Phrack Magazine, "Bypassing PaX ASLR protection", http://www.phrack.com/issues.html?issue=59&id=9/
7. C. Luk, R. Cohn, R. Muth, H. Patil, A. Klauser, G. Lowney, S. Wallace, V. J. Reddi, and K. Hazelwood, "Pin: Building Customized Program Analysis Tools with Dynamic Instrumentation," Programming Language Design and Implementation (PLDI '05), 2005.
8. M. Chew and D. Song,"Mitigating buffer overflows by operating system randomization," Technical Report CMU-CS-02-197, Carnegie Mellon University, Dec. 2002.
9. S. Forrest, A. Somayaji, and D. H. Ackley, "Building diverse computer systems," Workshop on Hot Topics in Operating Systems, 1997.
10. D. Williams et al. "Security through Diversity: Leveraging Virtual Machine Technology," IEEE Security and Privacy 7, 2009.
11. J. E. Just and M. Cornwell. "Review and analysis of synthetic diversity for breaking monocultures," in Proc. of the 2004 ACM workshop on Rapid malcode (WORM '04), 2004.
12. C. Wang, "Protection of software-based survivability schemes", Dependable Systems and Networks, 2001.
13. M. Franz, "E unibus pluram: massive-scale software diversity as a defense mechanism," in Proc. of the 2010 workshop on New security paradigms (NSPW '10), 2010.
14. H. Shacham, M. Page, B. Pfaff, E. Goh, N. Modadugu, and D. Boneh, "On the effectiveness of address-space randomization," in Proc. of the 11th ACM conference on Computer and communications security (CCS '04), 2004.
15. P. Philippaerts, Y. Younan, S. Muylle, F. Piessens, S. Lachmund, and T. Walter, "Code Pointer Masking: Hardening Applications against Code Injection Attacks," in Proc. of the 8th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA '11), 2011.
16. E. Lee and C. Zilles, "Branch-on-random," in Proc. of the 6th annual IEEE/ACM international symposium on Code generation and optimization (CGO '08), 2008.
17. C. Cowan, C. Pu, D. Maier, H. Hinton, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang, "StackGuard: Automatic detection and prevention of buffer-overflow attacks," in Proc. of the 7th USENIX Security Symposium(Security '98), 1998.
18. C. Cowan, S. Beattie, J. Johansen, and P. Wagle, "Pointguard: protecting pointers from buffer overflow vulnerabilities," in Proc. of the 12th USENIX Security Symposium(Security '03), 2003.
19. "Bzip2 for Windows," http: //gnuwin32.sourceforge.net/packages/ bzip2.htm
20. MSDN, "Dynamic-Link Librariesk," http://msdn.microsoft.com/en- us/library/windows/desktop/ms682589%28v=vs.85%29.aspx
21. Dionysus Blazakis, "Interpreter Exploitation: Pointer Inference and JIT Spraying," in BlackHat DC, 2010.
22. A. Skaletsky, T. Devor, N. Chachmon, R. Cohn, K. Hazelwood, V. Vladimirov, and M. Bach, "Dynamic program analysis of Microsoft Windows applications," in Proc. of IEEE International Symposium on Performance Analysis of Systems & Software (ISPASS '10), 2010.
23. Vasilis Pappas, Michalis Polychronakis, and Angelos D. Keromytis, "Smashing the Gadgets: Hindering Return-Oriented Programming Using In-Place Code Randomization," in the Proc. of the 33rd IEEE Symposium on Security & Privacy (S&P '12), 2012.
24. L. Davi, A.-R. Sadeghi, and M. Winandy, "ROPdefender: A practical protection tool to protect against return-oriented programming," in Proc. of the 6th Symposium on Information, Computer and Communications Security (ASIACCS '11), 2011.
25. metasploit Exploit DB, "Windows ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (SMTP)", http://www.metasploit.com/modules/exploit/windows/ email/ms07-017-ani-loadimage-chunksize
26. Bugzilla, "Mandatory ASLR on Windows for binary components," https://bugzilla.mozilla.org/show-bug.cgi?id=728429
27. Microsoft TechNet Blogs, "Introducing EMET v3," http://blogs.technet.com/b/srd/archive/2012/05/15/introducing-emet-v3.aspx
28. PaX Team, "address space layout randomization," http://pax.grsecurity.net/docs/aslr.txt
29. S. Checkoway, L. Davi, A. Dmitrienko, A.-R. Sadeghi, H. Shacham, and M. Winandy, "Return-oriented programming without returns," in Proc. of the 17th ACM conference on Computer and communications security (CCS '10), Oct 2010.
30. PaX Team, "vma mirroring," http://pax.grsecurity.net/docs/ vmmirror.txt
31. P. Chen, H. Xiao, X. Shen, X. Yin, B. Mao, and L. Xie, "DROP: Detecting return-oriented programming malicious code," in Proc. of the 5th International Conference on Information Systems Security (ICISS '09), 2009.
32. B. Salamat, A. Gal, and M. Franz, "Reverse stack execution in a multi-variant execution environment," in Workshop on Compiler and Architectural Techniques for Application Reliability and Security(CATARS), 2008.
33. C. Giuffrida, A. Kuijsten, and A. S. Tanenbaum, "Enhanced operating system security through efficient and fine-grained address space randomization," in Proc. of the 21st USENIX Security Symposium(Security '12), 2012.
34. R. Wartell, V. Mohan, K. W. Hamlen, Z. Lin, "Binary Stirring: Self-randomizing Instruction Addresses of Legacy x86 Binary Code," in Proc. of the 19th ACM conference on Computer and communications security (CCS '12), 2012.