33 research outputs found
Adaptive just-in-time code diversification
We present a method to regenerate diversified code dynamically in a Java bytecode JIT compiler, and to update the diversification frequently during the execution of the program. This way, we can significantly reduce the time frame in which attackers can let a program leak useful address space information and subsequently use the leaked information in memory exploits. A proof of concept implementation is evaluated, showing that even though code is recompiled frequently, we can achieved smaller overheads than the previous state of the art, which generated diversity only once during the whole execution of a program
Delta breakpad : diversified binary crash reporting
This paper introduces Delta Breakpad. It extends the Breakpad crash reporting system to handle software diversity effectively and efficiently by replicating and patching the debug information of diversified software versions. Simple adaptations to existing open source compiler tools are presented that on the one hand introduce significant amounts of diversification in the code and stack layout of ARMv7 binaries to mitigate the widespread deployment of code injection and code reuse attacks, while on the other hand still supporting accurate crash reporting. An evaluation on SPEC2006 benchmarks demonstrates that the corresponding computational, storage, and communication overheads are small
Execution Integrity with In-Place Encryption
Instruction set randomization (ISR) was initially proposed with the main goal
of countering code-injection attacks. However, ISR seems to have lost its
appeal since code-injection attacks became less attractive because protection
mechanisms such as data execution prevention (DEP) as well as code-reuse
attacks became more prevalent.
In this paper, we show that ISR can be extended to also protect against
code-reuse attacks while at the same time offering security guarantees similar
to those of software diversity, control-flow integrity, and information hiding.
We present Scylla, a scheme that deploys a new technique for in-place code
encryption to hide the code layout of a randomized binary, and restricts the
control flow to a benign execution path. This allows us to i) implicitly
restrict control-flow targets to basic block entries without requiring the
extraction of a control-flow graph, ii) achieve execution integrity within
legitimate basic blocks, and iii) hide the underlying code layout under
malicious read access to the program. Our analysis demonstrates that Scylla is
capable of preventing state-of-the-art attacks such as just-in-time
return-oriented programming (JIT-ROP) and crash-resistant oriented programming
(CROP). We extensively evaluate our prototype implementation of Scylla and show
feasible performance overhead. We also provide details on how this overhead can
be significantly reduced with dedicated hardware support
Thwarting Code-Reuse and Side-Channel Attacks in Embedded Systems
Nowadays, embedded devices are increasingly present in everyday life, often
controlling and processing critical information. For this reason, these devices
make use of cryptographic protocols. However, embedded devices are particularly
vulnerable to attackers seeking to hijack their operation and extract sensitive
information. Code-Reuse Attacks (CRAs) can steer the execution of a program to
malicious outcomes, leveraging existing on-board code without direct access to
the device memory. Moreover, Side-Channel Attacks (SCAs) may reveal secret
information to the attacker based on mere observation of the device. In this
paper, we are particularly concerned with thwarting CRAs and SCAs against
embedded devices, while taking into account their resource limitations.
Fine-grained code diversification can hinder CRAs by introducing uncertainty to
the binary code; while software mechanisms can thwart timing or power SCAs. The
resilience to either attack may come at the price of the overall efficiency.
Moreover, a unified approach that preserves these mitigations against both CRAs
and SCAs is not available. This is the main novelty of our approach, Secure
Diversity by Construction (SecDivCon); a combinatorial compiler-based approach
that combines software diversification against CRAs with software mitigations
against SCAs. SecDivCon restricts the performance overhead in the generated
code, offering a secure-by-design control on the performance-security
trade-off. Our experiments show that SCA-aware diversification is effective
against CRAs, while preserving SCA mitigation properties at a low, controllable
overhead. Given the combinatorial nature of our approach, SecDivCon is suitable
for small, performance-critical functions that are sensitive to SCAs. SecDivCon
may be used as a building block to whole-program code diversification or in a
re-randomization scheme of cryptographic code
Recommended from our members
Randomized Instruction Sets and Runtime Environments: Past Research and Future Directions
Instruction set randomization offers a way to combat code-injection attacks by separating code from data (specifically, by randomizing legitimate code's execution environment). The author describes the motivation behind this approach and two application environments
The Multiple Facets of Software Diversity: Recent Developments in Year 2000 and Beyond
Early experiments with software diversity in the mid 1970's investigated N-version programming and recovery blocks to increase the reliability of embedded systems. Four decades later, the literature about software diversity has expanded in multiple directions: goals (fault-tolerance, security, software engineering); means (managed or automated diversity) and analytical studies (quantification of diversity and its impact). Our paper contributes to the field of software diversity as the first paper that adopts an inclusive vision of the area, with an emphasis on the most recent advances in the field. This survey includes classical work about design and data diversity for fault tolerance, as well as the cybersecurity literature that investigates randomization at different system levels. It broadens this standard scope of diversity, to include the study and exploitation of natural diversity and the management of diverse software products. Our survey includes the most recent works, with an emphasis from 2000 to present. The targeted audience is researchers and practitioners in one of the surveyed fields, who miss the big picture of software diversity. Assembling the multiple facets of this fascinating topic sheds a new light on the field