Librando: Transparent code randomization for just-in-time compilers

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2013, Pages 993-1003

  Homescu, Andrei ^a   Brunthaler, Stefan ^a   Larsen, Per ^a   Franz, Michael ^a  

^a UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

binary rewriting; code reuse attacks; diversification; jit compilers; jit spraying; randomization; return oriented programming; security

Indexed keywords

BINARY REWRITING; CODE REUSE; DIVERSIFICATION; JIT COMPILER; RANDOMIZATION; RETURN-ORIENTED PROGRAMMING; SECURITY;

HIGH LEVEL LANGUAGES; JUST IN TIME PRODUCTION; PROGRAM COMPILERS; RANDOM PROCESSES;

SECURITY OF DATA;

EID: 84889076199     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2508859.2516675     Document Type: Conference Paper

References (31)

1. J. Ansel, P. Marchenko, U. Erlingsson, E. Taylor, B. Chen, D. L. Schuff, D. Sehr, C. L. Biffle, and B. Yee. Language-independent sandboxing of just-in-time compilation and self-modifying code. In Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 355-366, 2011.
2. D. Blazakis. Interpreter exploitation. In Proceedings of the 4th USENIX Workshop on Offensive technologies, WOOT'10, 2010.
3. T. Bletsch, X. Jiang, V. Freeh, and Z. Liang. Jump-oriented programming: a new class of code-reuse attack. In Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS '11, pages 30-40, 2011.
4. D. Bruening, T. Garnett, and S. Amarasinghe. An infrastructure for adaptive dynamic optimization. In Proceedings of the 2003 International Symposium on Code Generation and Optimisation, CGO '03, 2003.
5. P. Chen, Y. Fang, B. Mao, and L. Xie. JITDefender: A defense against JIT spraying attacks. In Proceedings of the 26th IFIP TC 11 International Information Security Conference, SEC '11, pages 142-153, 2011.
6. F. Cohen. Operating system protection through program evolution. Computers and Security, 12(6):565-584, Oct. 1993.
7. S. Forrest, A. Somayaji, and D. Ackley. Building diverse computer systems. In Proceedings of the 6th Workshop on Hot Topics in Operating Systems, HotOS '97, pages 67-72, 1997.
8. B. Fulgham. The computer language benchmarks game. http://shootout. alioth.debian.org/, 2012.
9. C. Giuffrida, A. Kuijsten, and A. S. Tanenbaum. Enhanced operating system security through efficient and fine-grained address space randomization. In Proceedings of the 21st USENIX Security Symposium, pages 475-490, 2012.
10. J. Hiser, A. Nguyen-Tuong, M. Co, M. Hall, and J. W. Davidson. ILR: Where'd my gadgets go? In Proceedings of the 33rd IEEE Symposium on Security and Privacy, S&P '12, pages 571-585, 2012.
11. A. Homescu, S. Neisius, P. Larsen, S. Brunthaler, and M. Franz. Profile-guided automated software diversity. In Proceedings of the 2013 International Symposium on Code Generation and Optimization, CGO '13, 2013.
12. R. Hundt, E. Raman, M. Thuresson, and N. Vachharajani. Mao - an extensible micro-architectural optimizer. In Proceedings of the 9th IEEE/ACM International Symposium on Code Generation and Optimization, CGO '11, pages 1-10, 2011.
13. Intel Corporation. Intel 64 and IA-32 Architectures Software Developer's Manual, August 2012.
14. T. Jackson, B. Salamat, A. Homescu, K. Manivannan, G. Wagner, A. Gal, S. Brunthaler, C. Wimmer, and M. Franz. Compiler-generated software diversity. In S. Jajodia, A. K. Ghosh, V. Swarup, C. Wang, and X. S. Wang, editors, Moving Target Defense, volume 54 of Advances in Information Security, pages 77-98. Springer New York, 2011.
15. V. Kiriansky, D. Bruening, and S. Amarasinghe. Secure execution via program shepherding. In Proceedings of the 11th USENIX Security Symposium, pages 191-206, 2002.
16. J. Li, Z. Wang, X. Jiang, M. Grace, and S. Bahram. Defeating return-oriented rootkits with "return-less" kernels. In Proceedings of the 5th European Conference on Computer Systems, EuroSys '10, pages 195-208, 2010.
17. C.-K. Luk, R. Cohn, R. Muth, H. Patil, A. Klauser, G. Lowney, S. Wallace, V. J. Reddi, and K. Hazelwood. Pin: building customized program analysis tools with dynamic instrumentation. In Proceedings of the ACM SIGPLAN 2005 Conference on Programming Language Design and Implementation, PLDI '05, pages 190-200, 2005.
18. S. McCamant and G. Morrisett. Evaluating SFI for a CISC architecture. In Proceedings of the 15th USENIX Security Symposium, pages 209-224, 2006.
19. N. Nethercote and J. Seward. Valgrind: A program supervision framework. Electronic Notes in Theoretical Computer Science, 2003.
20. K. Onarlioglu, L. Bilge, A. Lanzi, D. Balzarotti, and E. Kirda. G-Free: Defeating return-oriented programming through gadget-less binaries. In Proceedings of the 26th Annual Computer Security Applications Conference, ACSAC '10, pages 49-58, 2010.
21. R. Pagh and F. F. Rodler. Cuckoo hashing. Journal of Algorithms, 51(2):122-144, 2004.
22. V. Pappas, M. Polychronakis, and A. D. Keromytis. Smashing the gadgets: Hindering return-oriented programming using in-place code randomization. In Proceedings of the 33rd IEEE Symposium on Security and Privacy, S&P '12, pages 601-615, 2012.
23. M. Payer and T. R. Gross. Fine-grained user-space security through virtualization. In Proceedings of the 2011 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE '11, pages 157-168, 2011.
24. C. Rohlf and Y. Ivnitskiy. Attacking clientside JIT compilers. In Black Hat USA, 2011.
25. K. Scott, N. Kumar, S. Velusamy, B. R. Childers, J. W. Davidson, and M. L. Soffa. Retargetable and reconfigurable software dynamic translation. In Proceedings of the 2003 International Symposium on Code Generation and Optimisation, CGO '03, 2003.
26. H. Shacham. The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS '07, pages 552-561, 2007.
27. H. Shacham, M. Page, B. Pfaff, E. Goh, N. Modadugu, and D. Boneh. On the effectiveness of address-space randomization. In Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS '04, pages 298-307, 2004.
28. L. Tang, J. Mars, and M. L. Soffa. Compiling for niceness: mitigating contention for QoS in warehouse scale computers. In Proceedings of the 10th IEEE/ACM International Symposium on Code Generation and Optimization, CGO '12, pages 1-12, 2012.
29. R. Wartell, V. Mohan, K. W. Hamlen, and Z. Lin. Binary stirring: Self-randomizing instruction addresses of legacy x86 binary code. In Proceedings of the 19th ACM Conference on Computer and Communications Security, CCS '12, pages 157-168, 2012.
30. T. Wei, T. Wang, L. Duan, and J. Luo. INSeRT: Protect dynamic code generation against spraying. In Proceedings of the 2011 International Conference on Information Science and Technology, ICIST '11, pages 323-328, 2011.
31. B. Yee, D. Sehr, G. Dardyk, J. B. Chen, R. Muth, T. Ormandy, S. Okasaka, N. Narula, and N. Fullagar. Native client: A sandbox for portable, untrusted x86 native code. In Proceedings of the 30th IEEE Symposium on Security and Privacy, S&P '09, pages 79-93, 2009.