HideM: Protecting the contents of userspace memory in the face of disclosure vulnerabilities

CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy

Volumn , Issue , 2015, Pages 325-336

  Gionta, Jason ^a   Enck, William ^a   Ning, Peng ^a  

^a North Carolina State University   (United States)

Author keywords

Code reuse attacks; Information leaks; Memory disclosure exploits; Memory protection; Return oriented programming

Indexed keywords

PROGRAM PROCESSORS;

ARCHITECTURAL CHANGES; CODE REUSE; COMMODITY SYSTEMS; INFORMATION LEAKS; MEMORY PROTECTION; PERFORMANCE PENALTIES; RETURN-ORIENTED PROGRAMMING; SECURITY PROTECTION;

COMMERCIAL OFF-THE-SHELF;

EID: 84928142971     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2699026.2699107     Document Type: Conference Paper

References (37)

1. 0vercl0k. Rp++ tool. https://github.com/0vercl0k/rp.
2. Martín Abadi, Mihai Budiu, Ulfar Erlingsson, and Jay Ligatti. Control-ow integrity. In Proceedings of the 12th ACM conference on Computer and communications security, pages 340-353. ACM, 2005.
3. Howard Aiken, AG Oettinger, and TC Bartee. Proposed automatic calculating machine. Spectrum, IEEE, 1(8):62-69, 1964.
4. Michael Backes, Thorsten Holz, Benjamin Kollenda, Philipp Koppe, Stefan Nürnberger, and Jannik Pewny. You can run but you can't read: Preventing disclosure exploits in executable code. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pages 1342-1353. ACM, 2014.
5. Xiaoxin Chen, Tal Garnkel, E Christopher Lewis, Pratap Subrahmanyam, Carl A Waldspurger, Dan Boneh, Jeffrey Dwoskin, and Dan RK Ports. Overshadow: A virtualization-based approach to retrofitting protection in commodity operating systems. In ACM SIGOPS Operating Systems Review, volume 42, pages 2-13. ACM, 2008.
6. Tool Interface Standards Committee et al. Executable and linkable format (ELF). Specification, Unix System Laboratories, 2001.
7. Fernando J Corbató and Victor A. Vyssotsky. Introduction and overview of the multics system. In Proceedings of the November 30-December 1, 1965, fall joint computer conference, part I, pages 185-196. ACM, 1965.
8. John Criswell, Nathan Dautenhahn, and Vikram Adve. Virtual Ghost: Protecting applications from hostile operating systems. In Proceedings of the nineteenth international conference on Architectural support for programming languages and operating systems, 2014.
9. Jonathon T. Giffin, Mihai Christodorescu, and Louis Kruger. Strengthening software self-checksumming via self-modifying code. In Computer Security Applications Conference, 21st Annual, pages 10-pp. IEEE, 2005.
10. Enes Göktas, Elias Athanasopoulos, Herbert Bos, and Gerogios Portokalidis. Out of control: Overcoming control-ow integrity. In Security and Privacy (SP), 2014 IEEE Symposium on, San Jose, CA, USA, May 2014. IEEE.
11. Andrei Homescu, Steven Neisius, Per Larsen, Stefan Brunthaler, and Michael Franz. Profile-guided automated software diversity. In Proceedings of the 2013 IEEE/ACM International Symposium on Code Generation and Optimization (CGO), CGO '13, pages 1-11, Washington, DC, USA, 2013. IEEE Computer Society.
12. Andrei Homescu, Michael Stewart, Per Larsen, Stefan Brunthaler, and Michael Franz. Microgadgets: Size does matter in turing-complete return-oriented programming. In WOOT, pages 64-76, 2012.
13. Intel. Intel architectures manual. Volume 3A: System Programming Guide, Part, 1, 64.
14. Chongkyung Kil, Jinsuk Jim, Christopher Bookholt, Jun Xu, and Peng Ning. Address space layout permutation (ASLP): Towards fine-grained randomization of commodity software. In Computer Security Applications Conference, 2006. ACSAC'06. 22nd Annual, pages 339-348. IEEE, 2006.
15. Per Larsen, Andrei Homescu, Stefan Brunthaler, and Michael Franz. SoK: Automated software diversity. In Proceedings of the 2014 IEEE Symposium on Security and Privacy, SP '14, pages 276-291, Washington, DC, USA, 2014. IEEE Computer Society.
16. David Lie, Chandramohan Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell, and Mark Horowitz. Architectural support for copy and tamper resistant software. ACM SIGPLAN Notices, 35(11):168-177, 2000.
17. MWR labs pwn2own 2013 write-up. MWR Labs. https://labs.mwrinfosecurity.com/blog/2013/04/19/mwr-labs-pwn2own-2013-write-up-webkit-exploit/.
18. Ryan Riley, Xuxian Jiang, and Dongyan Xu. An architectural approach to preventing code injection attacks. Dependable and Secure Computing, IEEE Transactions on, 7(4):351-365, 2010.
19. Jonathan Salwan. Ropgadget tool. http://shell-storm.org/project/ROPgadget/.
20. Prateek Saxena, R. Sekar, and Varun Puranik. Efficient fine-grained binary instrumentationwith applications to taint-tracking. In Proceedings of the 6th annual IEEE/ACM international symposium on Code generation and optimization, pages 74-83. ACM, 2008.
21. Edward J Schwartz, Thanassis Avgerinos, and David Brumley. Q: Exploit hardening made easy. In USENIX Security Symposium, 2011.
22. David Seal. ARM architecture reference manual. Pearson Education, 2001.
23. Hovav Shacham. The geometry of innocent esh on the bone: Return-into-libc without function calls (on the x86). In Proceedings of the 14th ACM conference on Computer and communications security, pages 552-561. ACM, 2007.
24. Kevin Z. Snow, Fabian Monrose, Lucas Davi, Alexandra Dmitrienko, Christopher Liebchen, and Ahmad-Reza Sadeghi. Just-in-time code reuse: On the effectiveness of fine-grained address space layout randomization. In Proceedings of the 2013 IEEE Symposium on Security and Privacy, SP '13, pages 574-588, Washington, DC, USA, 2013. IEEE Computer Society.
25. Sherri Sparks and Jamie Butler. Shadow walker: Raising the bar for rootkit detection. Black Hat Japan, pages 504-533, 2005.
26. G. Edward Suh, Dwaine Clarke, Blaise Gassend, Marten van Dijk, and Srinivas Devadas. Efficient memory integrity verification and encryption for secure processors. In Proceedings of the 36th annual IEEE/ACM International Symposium on Microarchitecture, page 339. IEEE Computer Society, 2003.
27. Yang Tang, Phillip Ames, Sravan Bhamidipati, Ashish Bijlani, Roxana Geambasu, and Nikhil Sarda. Cleanos: Limiting mobile data exposure with idle eviction. In Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI, volume 12, 2012.
28. PaX Team. Non executable data pages, 2004.
29. Jacob Torrey. More: Measurement of running executables. In Proceedings of the 9th Annual Cyber and Information Security Research Conference, pages 117-120. ACM, 2014.
30. Paul C. Van Oorschot, Anil Somayaji, and Glenn Wurster. Hardware-assisted circumvention of self-hashing software tamper resistance. Dependable and Secure Computing, IEEE Transactions on, 2(2):82-92, 2005.
31. C+ Visual and Business Unit. Microsoft portable executable and common object file format specification, 2013.
32. John Von Neumann. First draft of a report on the edvac. IEEE Annals of the History of Computing, 15(4):27-75, 1993.
33. Robert Wahbe, Steven Lucco, Thomas E. Anderson, and Susan L. Graham. Efficient software-based fault isolation. In ACM SIGOPS Operating Systems Review, volume 27, pages 203-216. ACM, 1994.
34. Richard Wartell, Vishwath Mohan, Kevin W. Hamlen, and Zhiqiang Lin. Binary stirring: Self-randomizing instruction addresses of legacy x86 binary code. In Proceedings of the 2012 ACM conference on Computer and communications security, pages 157-168. ACM, 2012.
35. Richard Wartell, Yan Zhou, Kevin W. Hamlen, Murat Kantarcioglu, and Bhavani Thuraisingham. Differentiating code from data in x86 binaries. In Machine Learning and Knowledge Discovery in Databases, pages 522-536. Springer, 2011.
36. David L Weaver and Tom Gremond. The SPARC architecture manual. PTR Prentice Hall Englewood Cliffs, NJ 07632, 1994.
37. Mingwei Zhang and R. Sekar. Control ow integrity for COTS binaries. In USENIX Security Symposium, 2013.