308 research outputs found
Lockdown: Dynamic Control-Flow Integrity
Applications written in low-level languages without type or memory safety are
especially prone to memory corruption. Attackers gain code execution
capabilities through such applications despite all currently deployed defenses
by exploiting memory corruption vulnerabilities. Control-Flow Integrity (CFI)
is a promising defense mechanism that restricts open control-flow transfers to
a static set of well-known locations. We present Lockdown, an approach to
dynamic CFI that protects legacy, binary-only executables and libraries.
Lockdown adaptively learns the control-flow graph of a running process using
information from a trusted dynamic loader. The sandbox component of Lockdown
restricts interactions between different shared objects to imported and
exported functions by enforcing fine-grained CFI checks. Our prototype
implementation shows that dynamic CFI results in low performance overhead.Comment: ETH Technical Repor
Execution Integrity with In-Place Encryption
Instruction set randomization (ISR) was initially proposed with the main goal
of countering code-injection attacks. However, ISR seems to have lost its
appeal since code-injection attacks became less attractive because protection
mechanisms such as data execution prevention (DEP) as well as code-reuse
attacks became more prevalent.
In this paper, we show that ISR can be extended to also protect against
code-reuse attacks while at the same time offering security guarantees similar
to those of software diversity, control-flow integrity, and information hiding.
We present Scylla, a scheme that deploys a new technique for in-place code
encryption to hide the code layout of a randomized binary, and restricts the
control flow to a benign execution path. This allows us to i) implicitly
restrict control-flow targets to basic block entries without requiring the
extraction of a control-flow graph, ii) achieve execution integrity within
legitimate basic blocks, and iii) hide the underlying code layout under
malicious read access to the program. Our analysis demonstrates that Scylla is
capable of preventing state-of-the-art attacks such as just-in-time
return-oriented programming (JIT-ROP) and crash-resistant oriented programming
(CROP). We extensively evaluate our prototype implementation of Scylla and show
feasible performance overhead. We also provide details on how this overhead can
be significantly reduced with dedicated hardware support
SOFIA : software and control flow integrity architecture
Microprocessors used in safety-critical systems are extremely sensitive to software vulnerabilities, as their failure can lead to injury, damage to equipment, or environmental catastrophe. This paper proposes a hardware-based security architecture for microprocessors used in safety-critical systems. The proposed architecture provides protection against code injection and code reuse attacks. It has mechanisms to protect software integrity, perform control flow integrity, prevent execution of tampered code, and enforce copyright protection. We are the first to propose a mechanism to enforce control flow integrity at the finest possible granularity. The proposed architectural features were added to the LEON3 open source soft microprocessor, and were evaluated on an FPGA running a software benchmark. The results show that the hardware area is 28.2% larger and the clock is 84.6% slower, while the software benchmark has a cycle overhead of 13.7% and a total execution time overhead of 110% when compared to an unmodified processor
Preventing Buffer Overflows with Binary Rewriting
Buffer overflows are the single largest cause of security attacks in recent times. Attacks based on this vulnerability have been the subject of extensive research and a significant number of defenses have been proposed for dealing with attacks of this nature. However, despite this extensive research, buffer overflows continue to be exploited due to the fact that many defenses proposed in prior research provide only partial coverage and attackers have adopted to exploit problems that are not well defended. The fact that many legacy binaries are still deployed in production environments also contributes to the success of buffer overflow attacks since most, if not all, buffer overflow defenses are source level defenses which require an application to be re-compiled. For many legacy applications, this may not be possible since the source code may no longer be available. In this thesis, we present an implementation of a defense mechanism for defending against various attack forms due to buffer overflows using binary rewriting. We study various attacks that happen in the real world and present techniques that can be employed within a binary rewriter to protect a binary from these attacks.
Binary rewriting is a nascent field and little research has been done regarding the applications of binary rewriting. In particular, there is great potential for applications of binary rewriting in software security. With a binary rewriter, a vulnerable application can be immediately secured without the need for access to it's source code which allows legacy binaries to be secured. Also, numerous attacks on application software assume that application binaries are laid out in certain ways or have certain characteristics. Our defense scheme implemented using binary rewriting technology can prevent many of these attacks. We demonstrate the effectiveness of our scheme in preventing many different attack forms based on buffer overflows on both synthetic benchmarks and real-world attacks
- …