Making Code Re-randomization Practical with MARDU
Defense techniques such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) were the early role models for preventing primitive code injection and return-oriented programming (ROP) attacks. Notably, these techniques did so in an elegant and utilitarian manner, keeping performance and scalability in the forefront, which made them among the few widely adopted defense techniques. As code reuse has evolved in complexity from JIT-ROP to BROP and data-only attacks, defense techniques seem to have tunneled on defending at all costs, losing their way in pragmatic defense design. Some fail to provide comprehensive coverage, being too narrow in scope, while others impose unrealistic overheads, leaving users willing to take their chances in order to maintain performance expectations.
We present Mardu, an on-demand, system-wide re-randomization technique that improves re-randomization and refocuses efforts to simultaneously embrace the key characteristics of defense techniques: security, performance, and scalability. Code sharing with diversification is achieved by implementing reactive and scalable diversification, rather than continuous or one-time diversification, while the use of hardware-supported eXecute-only Memory (XoM) and a shadow stack prevents memory disclosure; entwining these mechanisms with code sharing, and thereby enabling it, further minimizes the required tracking, patching costs, and memory overhead. Mardu's evaluation shows low average performance and scalability overhead in both compute-intensive (5.5% on SPEC) and real-world applications (4.4% on NGINX). With this design, Mardu demonstrates that strong and scalable security guarantees can be achieved at a practical cost that encourages deployment.