DOI: 10.1007/978-3-031-20917-8_10

Fast Out-of-Band Data Integrity Monitor to Mitigate Memory Corruption Attacks

Published: 11 November 2022

Abstract

Memory corruption is a root cause of software attacks. Existing defense mechanisms (e.g., DEP, ASLR, CFI, CPI/CPS, and DFI) either offer limited security guarantees or incur high performance overhead. In this paper, we design and implement a fast out-of-band (OOB) integrity monitor, dubbed FastDIM, that protects both applications and kernels against memory corruption attacks at low overhead. With FastDIM, the program in question is first statically hardened by a compiler module. At run time, the integrity of sensitive program data, both control data (e.g., code pointers) and security-relevant non-control data (e.g., encryption keys), is then automatically protected by a monitor. FastDIM differs from related work in four respects: 1) FastDIM is an OOB monitor that protects programs independently rather than letting the protected programs verify themselves through an inlined reference monitor (IRM); 2) FastDIM extends the shadow-stack concept originally proposed for CFI to protect not only return addresses but also other sensitive data such as function pointers, vtable pointers, and user-annotated sensitive non-control data, so its protection goes beyond control-flow data; 3) FastDIM provides a fast communication mechanism between the program and the monitor, so that integrity checks are performed without a context switch; and 4) for better scalability and compatibility, FastDIM does not rely on LTO or cross-DSO support to handle applications with dynamically linked libraries. We implemented a kernel version and a TrustZone version of FastDIM to protect user programs as well as Linux/Android kernels. The evaluation shows that the average overhead of FastDIM is 4.4% on the SPEC CPU2017 C/C++ benchmarks and around 3% on the AnTuTu benchmarks.
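The abstract's second point, keeping a shadow copy of sensitive data beyond return addresses and checking it at the use site, is easiest to see on a concrete layout. The following is an added example written for this page, not FastDIM's code: a toy `struct` with an overflowable buffer sitting just before a function pointer and an annotated key, a shadow region that records the trusted values, and a check that runs before the pointer is called. The struct, slot names, the `0xC0FFEE` key and the payloads are all constructed for the demo. The in-process `shadow[]` array stands in for the monitor's private memory; in FastDIM that region lives in a separate kernel or TrustZone monitor so the corrupted program cannot overwrite it, and the fast program-to-monitor channel is not modelled here.

```c
/* Added example (not FastDIM's code): shadow-copy integrity checks for a
 * code pointer and an annotated non-control datum that sit next to an
 * overflowable buffer. Layout, names and payloads are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

typedef void (*handler_t)(void);

/* Protected object: attacker-controlled buffer followed by sensitive fields. */
struct session {
    char      name[16];  /* input lands here; the copy below is not bounded to 16 */
    handler_t on_done;   /* code pointer: a classic control-data target */
    uint32_t  key;       /* "user-annotated" sensitive non-control data */
};

/* Shadow copies kept apart from the protected object. In an OOB design these
 * live in the monitor (kernel/TrustZone), not in the hardened program itself. */
enum { SLOT_FPTR, SLOT_KEY, SLOT_COUNT };
static uintptr_t shadow[SLOT_COUNT];

static void shadow_record(int slot, uintptr_t v) { shadow[slot] = v; }
static int  shadow_verify(int slot, uintptr_t v) { return shadow[slot] == v; }

static int attacker_ran;
static void benign_handler(void)   { }
static void attacker_handler(void) { attacker_ran = 1; }
int attacker_ever_ran(void)        { return attacker_ran; }

/* Returns 0 on a clean run, -1 if the code pointer was tampered with,
 * -2 if the annotated key was tampered with. */
int run_session(const unsigned char *payload, size_t n)
{
    struct session s;
    unsigned char *raw = (unsigned char *)&s;
    size_t room = sizeof s - offsetof(struct session, name);

    s.on_done = benign_handler;
    s.key     = 0xC0FFEE;                         /* constructed secret */
    shadow_record(SLOT_FPTR, (uintptr_t)s.on_done);
    shadow_record(SLOT_KEY,  s.key);

    /* Vulnerable copy: bounded by the whole struct (so the demo stays defined
     * behaviour) but not by the 16-byte field, so it overruns into on_done/key. */
    if (n > room) n = room;
    memcpy(raw + offsetof(struct session, name), payload, n);

    /* Integrity checks at the use site, before the sensitive values are consumed. */
    if (!shadow_verify(SLOT_FPTR, (uintptr_t)s.on_done)) return -1;
    if (!shadow_verify(SLOT_KEY,  s.key))                return -2;
    s.on_done();
    return 0;
}

/* Constructed payloads: a benign name; a name that overruns into on_done with
 * attacker_handler's address; one that leaves on_done intact but flips key. */
int demo_benign(void)
{
    return run_session((const unsigned char *)"alice", 6);
}

int demo_hijack_fptr(void)
{
    unsigned char p[sizeof(struct session)];
    handler_t evil = attacker_handler;
    memset(p, 'A', sizeof p);
    memcpy(p + offsetof(struct session, on_done), &evil, sizeof evil);
    return run_session(p, offsetof(struct session, on_done) + sizeof evil);
}

int demo_corrupt_key(void)
{
    unsigned char p[sizeof(struct session)];
    handler_t same = benign_handler;
    uint32_t  k = 0xDEADBEEF;
    memset(p, 'A', sizeof p);
    memcpy(p + offsetof(struct session, on_done), &same, sizeof same);
    memcpy(p + offsetof(struct session, key), &k, sizeof k);
    return run_session(p, offsetof(struct session, key) + sizeof k);
}

int main(void)
{
    printf("benign=%d hijack=%d key=%d attacker_ran=%d\n",
           demo_benign(), demo_hijack_fptr(), demo_corrupt_key(),
           attacker_ever_ran());
    return 0;
}
```

Two things to notice. The key check catches a corruption that CFI, CPI or a plain shadow stack would all miss, since `key` is never used as a control transfer; that is the "beyond control-flow data" claim. And the reason the shadow region must be out of band is visible in the same code: `shadow[]` here is ordinary writable memory in the victim process, so a second overflow or an arbitrary write could update it alongside `on_done`, which is exactly the IRM weakness the abstract contrasts FastDIM against.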



Published In

Provable and Practical Security: 16th International Conference, ProvSec 2022, Nanjing, China, November 11–12, 2022, Proceedings
Nov 2022, 291 pages
ISBN: 978-3-031-20916-1
DOI: 10.1007/978-3-031-20917-8
Editors: Chunpeng Ge, Fuchun Guo
Publisher: Springer-Verlag, Berlin, Heidelberg


      Author Tags

      1. Memory corruption
      2. Control-flow integrity
      3. Data-flow integrity
      4. Software hardening
      5. Integrity Monitor
