Heisenbyte: Thwarting memory disclosure attacks using destructive code reads

Proceedings of the ACM Conference on Computer and Communications Security

Volumn 2015-October, Issue , 2015, Pages 256-267

  Tang, Adrian ^a   Sethumadhavan, Simha ^a   Stolfo, Salvatore ^a  

^a Fu Foundation School of Engineering and Applied Science   (United States)

Author keywords

Binary rewriting; Destructive code reads; Memory disclosure

Indexed keywords

BINS; CODES (SYMBOLS); JUST IN TIME PRODUCTION; VIRTUAL REALITY;

BINARY REWRITING; CODE REUSE; DESTRUCTIVE CODE READS; JUST IN TIME; MEMORY PAGES; RUNTIME OVERHEADS; STATIC CODES; VIRTUALIZATIONS;

STATIC ANALYSIS;

EID: 84954181687     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2810103.2813685     Document Type: Conference Paper

References (29)

1. M. Athanasakis, E. Athanasopoulos, M. Polychronakis, G. Portokalidis, and S. Ioannidis. The devil is in the constants: Bypassing defenses in browser jit engines. In Proceedings of the 22nd Network and Distributed System Security Symposium (NDSS 2015), 2015.
2. M. Backes, T. Holz, B. Kollenda, P. Koppe, S. Nürnberger, and J. Pewny. You can run but you can't read: Preventing disclosure exploits in executable code. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS '14, pages 1342-1353, New York, NY, USA, 2014. ACM.
3. M. Backes and S. Nürnberger. Oxymoron: Making fine-grained memory randomization practical by allowing code sharing. Proc. 23rd Usenix Security Sym, pages 433-447, 2014.
4. T. Bletsch, X. Jiang, V. W. Freeh, and Z. Liang. Jump-oriented programming: a new class of code-reuse attack. In Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pages 30-40. ACM, 2011.
5. S. Crane, C. Liebchen, A. Homescu, L. Davi, P. Larsen, A.-R. Sadeghi, S. Brunthaler, and M. Franz. Readactor: Practical code randomization resilient to memory disclosure. In 36th IEEE Symposium on Security and Privacy (Oakland), May 2015.
6. L. Davi, C. Liebchen, A.-R. Sadeghi, K. Z. Snow, and F. Monrose. Isomeron: Code randomization resilient to (just-in-time) return-oriented programming. 2015.
7. Z. Deng, X. Zhang, and D. Xu. Spider: Stealthy binary program instrumentation and debugging via hardware virtualization. In Proceedings of the 29th Annual Computer Security Applications Conference, ACSAC '13, pages 289-298, New York, NY, USA, 2013. ACM.
8. H. Dybdahl, P. G. Kjeldsberg, M. Grannæs, and L. Natvig. Destructive-read in embedded dram, impact on power consumption. J. Embedded Comput., 2(2):249-260, Apr. 2006.
9. I. Evans, S. Fingeret, J. González, U. Otgonbaatar, T. Tang, H. Shrobe, S. Sidiroglou-Douskos, M. Rinard, and H. Okhravi. Missing the point(er): On the effectiveness of code pointer integrity. In 36th IEEE Symposium on Security and Privacy (Oakland), May 2015.
10. J. Gionta, W. Enck, and P. Ning. Hidem: Protecting the contents of userspace memory in the face of disclosure vulnerabilities. In Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, CODASPY '15, pages 325-336, New York, NY, USA, 2015. ACM.
11. Fyyre. Disable patchguard - the easy/lazy way. http://fyyre.ivory-tower.de/projects/bootloader.txt, 2011.
12. J. A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson, W. Paul, J. A. Calandrino, A. J. Feldman, J. Appelbaum, and E. W. Felten. Lest we remember: cold-boot attacks on encryption keys. Communications of the ACM, 52(5):91-98, 2009.
13. A. Homescu, S. Brunthaler, P. Larsen, and M. Franz. Librando: transparent code randomization for just-in-time compilers. In Proceedings of the 2013 ACM SIGSAC conference on Computer & Communications Security, pages 993-1004. ACM, 2013.
14. Intel. Intel 64 and IA-32 Architectures Software Developer's Manual - Volume 3C, 2014.
15. C. Kil, J. Jim, C. Bookholt, J. Xu, and P. Ning. Address space layout permutation (aslp): Towards fine-grained randomization of commodity software. In Computer Security Applications Conference, 2006. ACSAC'06. 22nd Annual, pages 339-348. IEEE, 2006.
16. Microsoft. Asynchronous procedure calls. https://msdn.microsoft.com/enus/library/windows/desktop/ms681951(v=vs.85).aspx.
17. Microsoft. Windows resource protection. https://msdn.microsoft.com/enus/library/windows/desktop/cc185681(v=vs.85).aspx.
18. V. Pappas, M. Polychronakis, and A. D. Keromytis. Smashing the gadgets: Hindering return-oriented programming using in-place code randomization. In Security and Privacy (SP), 2012 IEEE Symposium on, pages 601-615. IEEE, 2012.
19. P. Pie. Mobile Pwn2Own Autumn 2013 - Chrome on Android - Exploit Writeup, 2013.
20. J. Seibert, H. Okkhravi, and E. Söderström. Information leaks without memory disclosures: Remote side channel attacks on diversified code. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pages 54-65. ACM, 2014.
21. H. Shacham. The geometry of innocent esh on the bone: Return-into-libc without function calls (on the x86). In Proceedings of the 14th ACM conference on Computer and communications security, pages 552-561. ACM, 2007.
22. K. Z. Snow, F. Monrose, L. Davi, A. Dmitrienko, C. Liebchen, and A.-R. Sadeghi. Just-in-time code reuse: On the effectiveness of fine-grained address space layout randomization. In Security and Privacy (SP), 2013 IEEE Symposium on, pages 574-588. IEEE, 2013.
23. S. Sparks and J. Butler. Raising the bar for windows rootkit detection. http://phrack.org/issues/63/8.html, 2005.
24. D. L. C. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. Mitchell, and M. Horowitz. Architectural support for copy and tamper resistant software. In Proceedings of the Ninth International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS IX, pages 168-177, New York, NY, USA, 2000. ACM.
25. J. Torrey. More shadow walker: Tlb-splitting on modern x86. Blackhat USA, 2014.
26. P. Van Oorschot, A. Somayaji, and G. Wurster. Hardware-assisted circumvention of self-hashing software tamper resistance. Dependable and Secure Computing, IEEE Transactions on, 2(2):82-92, April 2005.
27. R. Wartell, V. Mohan, K. W. Hamlen, and Z. Lin. Binary stirring: Self-randomizing instruction addresses of legacy x86 binary code. In Proceedings of the 2012 ACM conference on Computer and communications security, pages 157-168. ACM, 2012.
28. R. Wartell, Y. Zhou, K. W. Hamlen, M. Kantarcioglu, and B. Thuraisingham. Differentiating code from data in x86 binaries. In Machine Learning and Knowledge Discovery in Databases, pages 522-536. Springer, 2011.
29. C. Song, C. Zhang, T. Wang, W. Lee, and D. Melski. Exploiting and protecting dynamic code generation. In Proceedings of the 2015 Network and Distributed System Security (NDSS) Symposium, 2015.