Leakage-Resilient Layout Randomization for Mobile Devices

23rd Annual Network and Distributed System Security Symposium, NDSS 2016

Volumn , Issue , 2016, Pages

  Bradeny, Kjell ^a,b   Crane, Stephen ^c   Davi, Lucas ^a   Franz, Michael ^d   Larsen, Per ^c,d   Liebchen, Christopher ^a   Sadeghi, Ahmad Reza ^a  

^a DARMSTADT UNIVERSITY OF TECHNOLOGY   (Germany)

^b EURECOM   (France)

^c Immunant Inc ^*  (United States)

^d UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CODES (SYMBOLS); RANDOM PROCESSES; VIRTUAL REALITY;

'CURRENT; CODE LAYOUT; CODE RANDOMIZATION; CODE REUSE; HARDWARE FEATURES; MEMORY OVERHEADS; ON-THE-FLY; RANDOMISATION; REAL-WORLD; VIRTUALIZATIONS;

VIRTUALIZATION;

EID: 85031703244     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.14722/ndss.2016.23364     Document Type: Conference Paper

References (55)

1. M. Abadi, M. Budiu, Ú. Erlingsson, and J. Ligatti. Control-flow integrity principles, implementations, and applications. ACM Transactions on Information System Security, 13, 2009.
2. ARM Ltd. ARM Compiler Software Development Guide v5.04, 2013. http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0471k/ chr1368698593511.html.
3. M. Backes and S. Nürnberger. Oxymoron: Making fine-grained memory randomization practical by allowing code sharing. In 23rd USENIX Security Symposium, USENIX Sec, 2014.
4. M. Backes, T. Holz, B. Kollenda, P. Koppe, S. Nürnberger, and J. Pewny. You can run but you can’t read: Preventing disclosure exploits in executable code. In ACM SIGSAC Conference on Computer and Communications Security, CCS, 2014.
5. S. Bhatkar and R. Sekar. Data space randomization. In Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA, 2008.
6. D. Bigelow, T. Hobson, R. Rudd, W. Streilein, and H. Okhravi. Timely rerandomization for mitigating memory disclosures. In ACM SIGSAC Conference on Computer and Communications Security, CCS, 2015.
7. A. Bittau, A. Belay, A. J. Mashtizadeh, D. Mazières, and D. Boneh. Hacking blind. In 35th IEEE Symposium on Security and Privacy, S&P, 2014.
8. H. Bojinov, D. Boneh, R. Cannings, and I. Malchev. Address space randomization for mobile devices. In ACM Conference on Wireless Network Security, WiSec, 2011.
9. C. Cadar, P. Akritidis, M. Costa, J.-P. Martin, and M. Castro. Data randomization. Technical Report MSR-TR-2008-120, Microsoft Research, September 2008. URL http://research.microsoft.com/apps/pubs/default. aspx?id=70626.
10. D. Chisnall, C. Rothwell, R. N. M. Watson, J. Woodruff, M. Vadera, S. W. Moore, M. Roe, B. Davis, and P. G. Neumann. Beyond the PDP- 11: Architectural support for a memory-safe C abstract machine. In 20th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS, 2015.
11. M. Conti, S. Crane, L. Davi, M. Franz, P. Larsen, C. Liebchen, M. Negro, M. Qunaibit, and A.-R. Sadeghi. Losing control: On the effectiveness of control-flow integrity under stack attacks. In ACM SIGSAC Conference on Computer and Communications Security, CCS, 2015.
12. F. J. Corbató and V. A. Vyssotsky. Introduction and overview of the MULTICS system. In Joint Computer Conference, AFIPS, 1965.
13. C. Cowan, S. Beattie, J. Johansen, and P. Wagle. Pointguard: protecting pointers from buffer overflow vulnerabilities. In 12th USENIX Security Symposium, USENIX Sec, 2003.
14. S. Crane, C. Liebchen, A. Homescu, L. Davi, P. Larsen, A.-R. Sadeghi, S. Brunthaler, and M. Franz. Readactor: Practical code randomization resilient to memory disclosure. In 36th IEEE Symposium on Security and Privacy, S&P, 2015.
15. S. Crane, S. Volkaert, F. Schuster, C. Liebchen, P. Larsen, L. Davi, A.- R. Sadeghi, T. Holz, B. D. Sutter, and M. Franz. It’s a TRAP: Table randomization and protection against function reuse attacks. In ACM SIGSAC Conference on Computer and Communications Security, CCS, 2015.
16. R. Cytron, J. Ferrante, B. K. Rosen, M. N. Wegman, and F. K. Zadeck. An Efficient Method of Computing Static Single Assignment Form. In 16th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL, 1989.
17. L. Davi, A. Dmitrienko, M. Egele, T. Fischer, T. Holz, R. Hund, S. Nürnberger, and A.-R. Sadeghi. MoCFI: A framework to mitigate control-flow attacks on smartphones. In 19th Annual Network and Distributed System Security Symposium, NDSS, 2012.
18. L. Davi, A. Dmitrienko, S. Nürnberger, and A. Sadeghi. Gadge me if you can: secure and efficient ad-hoc instruction-level randomization for x86 and ARM. In 8th ACM Symposium on Information, Computer and Communications Security, ASIACCS, 2013.
19. L. Davi, A. Sadeghi, D. Lehmann, and F. Monrose. Stitching the gadgets: On the ineffectiveness of coarse-grained control-flow integrity protection. In 23rd USENIX Security Symposium, USENIX Sec, 2014.
20. L. Davi, C. Liebchen, A.-R. Sadeghi, K. Z. Snow, and F. Monrose. Isomeron: Code randomization resilient to (Just-In-Time) return-oriented programming. In 22nd Annual Network and Distributed System Security Symposium, NDSS, 2015.
21. J. Drake. Stagefright: scary code in the heart of Android. https://www. blackhat.com/us-15/briefings.html#stagefright-scary-code-in-the-heartof- android, 2015.
22. J. Gionta, W. Enck, and P. Ning. HideM: Protecting the contents of userspace memory in the face of disclosure vulnerabilities. In 5th ACM Conference on Data and Application Security and Privacy, CODASPY, 2015.
23. C. Giuffrida, A. Kuijsten, and A. S. Tanenbaum. Enhanced operating system security through efficient and fine-grained address space randomization. In 21st USENIX Security Symposium, USENIX Sec, 2012.
24. E. Göktas, E. Athanasopoulos, H. Bos, and G. Portokalidis. Out of control: Overcoming control-flow integrity. In 35th IEEE Symposium on Security and Privacy, S&P, 2014.
25. A. Homescu, S. Brunthaler, P. Larsen, and M. Franz. Librando: transparent code randomization for just-in-time compilers. In ACM SIGSAC Conference on Computer and Communications Security, CCS, 2013.
26. R. Hundt, E. Raman, M. Thuresson, and N. Vachharajani. MAO - an extensible micro-architectural optimizer. In 9th Annual IEEE/ACM International Symposium on Code Generation and Optimization, CGO, 2011.
27. C. Kil, J. Jun, C. Bookholt, J. Xu, and P. Ning. Address space layout permutation (ASLP): towards fine-grained randomization of commodity software. In 22nd Annual Computer Security Applications Conference, ACSAC, 2006.
28. V. Kuznetsov, L. Szekeres, M. Payer, G. Candea, R. Sekar, and D. Song. Code-pointer integrity. In 11th USENIX Symposium on Operating Systems Design and Implementation, OSDI, 2014.
29. P. Larsen, A. Homescu, S. Brunthaler, and M. Franz. SoK: Automated software diversity. In 35th IEEE Symposium on Security and Privacy, S&P, 2014.
30. B. Lee, L. Lu, T. Wang, T. Kim, and W. Lee. From zygote to morula: Fortifying weakened aslr on android. In IEEE Symposium on Security and Privacy, S&P, 2014.
31. K. Lu, C. Song, B. Lee, S. P. Chung, T. Kim, and W. Lee. ASLR-Guard: Stopping address space leakage for code reuse attacks. In ACM SIGSAC Conference on Computer and Communications Security, CCS, 2015.
32. S. Maleki, Y. Gao, M. J. Garzarán, T. Wong, and D. A. Padua. An evaluation of vectorizing compilers. In 2011 International Conference on Parallel Architectures and Compilation Techniques, PACT, 2011.
33. A. J. Mashtizadeh, A. Bittau, D. Boneh, and D. Mazières. CCFI: cryptographically enforced control flow integrity. In ACM SIGSAC Conference on Computer and Communications Security, CCS, 2015.
34. M. Meissner. Tricks of a Spec master. https: / / gcc . gnu . org / wiki / summit2010 ? action = AttachFile&do = get&target=meissner2.pdf.
35. V. Mohan, P. Larsen, S. Brunthaler, K. Hamlen, and M. Franz. Opaque control-flow integrity. In 22nd Annual Network and Distributed System Security Symposium, NDSS, 2015.
36. NaCL. Implementation and safety of nacl sfi for x86-64, 2015. https: //groups.google.com/forum/#!topic/native-client-discuss/C-wXFdR2lf8.
37. Nergal. The advanced return-into-lib(c) exploits: PaX case study. Phrack Magazine, 11, 2001.
38. K. Onarlioglu, L. Bilge, A. Lanzi, D. Balzarotti, and E. Kirda. G-Free: Defeating return-oriented programming through gadget-less binaries. In 26th Annual Computer Security Applications Conference, ACSAC, 2010.
39. V. Pappas, M. Polychronakis, and A. D. Keromytis. Smashing the gadgets: Hindering return-oriented programming using in-place code randomization. In 33rd IEEE Symposium on Security and Privacy, S&P, 2012.
40. O. Peles and R. Hay. One class to rule them all: 0-day deserialization vulnerabilities in android. In Workshop on Offensive Technologies, WOOT, 2015.
41. J. Pewny and T. Holz. Control-flow restrictor: Compiler-based CFI for iOS. In 29th Annual Computer Security Applications Conference, ACSAC, 2013.
42. S. Quirem, F. Ahmed, and B. K. Lee. Cuda acceleration of p7viterbi algorithm in hmmer 3.0. In Performance Computing and Communications Conference, IPCCC, 2011.
43. R. Roemer, E. Buchanan, H. Shacham, and S. Savage. Return-oriented programming: Systems, languages, and applications. ACM Transactions on Information System Security, 15, 2012.
44. N. Santos, H. Raj, S. Saroiu, and A. Wolman. Using ARM TrustZone to build a trusted language runtime for mobile applications. In Architectural Support for Programming Languages and Operating Systems, ASPLOS, 2014.
45. F. B. Schneider. Enforceable security policies. ACM Trans. Inf. Syst. Secur., 3, 2000.
46. F. Schuster, T. Tendyck, C. Liebchen, L. Davi, A.-R. Sadeghi, and T. Holz. Counterfeit object-oriented programming: On the difficulty of preventing code reuse attacks in C++ applications. In 36th IEEE Symposium on Security and Privacy, S&P, 2015.
47. D. Sehr, R. Muth, C. Biffle, V. Khimenko, E. Pasko, K. Schimpf, B. Yee, and B. Chen. Adapting software fault isolation to contemporary cpu architectures. In 18th USENIX Security Symposium, USENIX Sec, 2010.
48. J. Seibert, H. Okhravi, and E. Söderström. Information leaks without memory disclosures: Remote side channel attacks on diversified code. In ACM SIGSAC Conference on Computer and Communications Security, CCS, 2014.
49. H. Shacham, M. Page, B. Pfaff, E. Goh, N. Modadugu, and D. Boneh. On the effectiveness of address-space randomization. In ACM SIGSAC Conference on Computer and Communications Security, CCS, 2004.
50. K. Z. Snow, F. Monrose, L. Davi, A. Dmitrienko, C. Liebchen, and A. Sadeghi. Just-in-time code reuse: On the effectiveness of finegrained address space layout randomization. In 34th IEEE Symposium on Security and Privacy, S&P, 2013.
51. C. Song, C. Zhang, T. Wang, W. Lee, and D. Melski. Exploiting and protecting dynamic code generation. In 22nd Annual Network and Distributed System Security Symposium, NDSS, 2015.
52. R. Strackx, Y. Younan, P. Philippaerts, F. Piessens, S. Lachmund, and T. Walter. Breaking the memory secrecy assumption. In 2nd European Workshop on System Security, EUROSEC, 2009.
53. R. Wahbe, S. Lucco, T. E. Anderson, and S. L. Graham. Efficient software-based fault isolation. In 14th ACM Symposium on Operating System Principles, SOSP, 1993.
54. L. Zhao, G. Li, B. De Sutter, and J. Regehr. Armor: Fully verified software fault isolation. In 9th ACM International Conference on Embedded Software, EMSOFT, 2011.
55. Y. Zhou, X. Wang, Y. Chen, and Z. Wang. Armlock: Hardware-based fault isolation for arm. In ACM SIGSAC Conference on Computer and Communications Security, CCS, 2014.