Article

Readactor: Practical Code Randomization Resilient to Memory Disclosure

Authors:

Stephen Crane,

Christopher Liebchen,

Michael FranzAuthors Info & Claims

SP '15: Proceedings of the 2015 IEEE Symposium on Security and Privacy

Pages 763 - 780

https://doi.org/10.1109/SP.2015.52

Published: 17 May 2015 Publication History

Abstract

Code-reuse attacks such as return-oriented programming (ROP) pose a severe threat to modern software. Designing practical and effective defenses against code-reuse attacks is highly challenging. One line of defense builds upon fine-grained code diversification to prevent the adversary from constructing a reliable code-reuse attack. However, all solutions proposed so far are either vulnerable to memory disclosure or are impractical for deployment on commodity systems. In this paper, we address the deficiencies of existing solutions and present the first practical, fine-grained code randomization defense, called Read actor, resilient to both static and dynamic ROP attacks. We distinguish between direct memory disclosure, where the attacker reads code pages, and indirect memory disclosure, where attackers use code pointers on data pages to infer the code layout without reading code pages. Unlike previous work, Read actor resists both types of memory disclosure. Moreover, our technique protects both statically and dynamically generated code. We use a new compiler-based code generation paradigm that uses hardware features provided by modern CPUs to enable execute-only memory and hide code pointers from leakage to the adversary. Finally, our extensive evaluation shows that our approach is practical -- we protect the entire Google Chromium browser and its V8 JIT compiler -- and efficient with an average SPEC CPU2006 performance overhead of only 6.4%.

Cited By

View all

Christou NGaidis AAtlidakis VKemerlis VLuo BLiao XXu JKirda ELie D(2024)Eclipse: Preventing Speculative Memory-error Abuse with Artificial Data DependenciesProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690201(3913-3927)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690201
Gaidis AMoreira JSun KMilburn AAtlidakis VKemerlis V(2023)FineIBT: Fine-grain Control-flow Enforcement with Indirect Branch TrackingProceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3607199.3607219(527-546)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3607199.3607219
Christou GNtousakis GLahtinen EIoannidis SKemerlis VVasilakis N(2023)BinWrap: Hybrid Protection against Native Node.js Add-onsProceedings of the 2023 ACM Asia Conference on Computer and Communications Security10.1145/3579856.3590330(429-442)Online publication date: 10-Jul-2023
https://dl.acm.org/doi/10.1145/3579856.3590330
Show More Cited By

Recommendations

D-ward: source-end defense against distributed denial-of-service attacks
Security beyond cybersecurity: side-channel attacks against non-cyber systems and their countermeasures
Abstract
Side-channels are unintended pathways within target systems that leak internal information, exploitable via side-channel attack techniques that extract the target information, compromising the system’s security and privacy. Side-channel attacks ...
Hacking in darkness: return-oriented programming against secure enclaves
SEC'17: Proceedings of the 26th USENIX Conference on Security Symposium

Intel Software Guard Extensions (SGX) is a hardware-based Trusted Execution Environment (TEE) that is widely seen as a promising solution to traditional security threats. While SGX promises strong protection to bugfree software, decades of experience ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

SP '15: Proceedings of the 2015 IEEE Symposium on Security and Privacy

May 2015

923 pages

ISBN:9781467369497

Publisher

IEEE Computer Society

United States

Publication History

Published: 17 May 2015

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

66
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 25 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Christou NGaidis AAtlidakis VKemerlis VLuo BLiao XXu JKirda ELie D(2024)Eclipse: Preventing Speculative Memory-error Abuse with Artificial Data DependenciesProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690201(3913-3927)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690201
Gaidis AMoreira JSun KMilburn AAtlidakis VKemerlis V(2023)FineIBT: Fine-grain Control-flow Enforcement with Indirect Branch TrackingProceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3607199.3607219(527-546)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3607199.3607219
Christou GNtousakis GLahtinen EIoannidis SKemerlis VVasilakis N(2023)BinWrap: Hybrid Protection against Native Node.js Add-onsProceedings of the 2023 ACM Asia Conference on Computer and Communications Security10.1145/3579856.3590330(429-442)Online publication date: 10-Jul-2023
https://dl.acm.org/doi/10.1145/3579856.3590330
Berlakovich FBrunthaler SFedorova ANarayanan DDi Luna GQuerzoni L(2023)R2C: AOCR-Resilient Diversity with Reactive and Reflective CamouflageProceedings of the Eighteenth European Conference on Computer Systems10.1145/3552326.3587439(488-504)Online publication date: 8-May-2023
https://dl.acm.org/doi/10.1145/3552326.3587439
Tsoupidi RTroubitsyna EPapadimitratos P(2023)Thwarting code-reuse and side-channel attacks in embedded systemsComputers and Security10.1016/j.cose.2023.103405133:COnline publication date: 1-Oct-2023
https://dl.acm.org/doi/10.1016/j.cose.2023.103405
Li YCai JBao YChung Y(2023)What you can read is what you can't executeComputers and Security10.1016/j.cose.2023.103377132:COnline publication date: 1-Sep-2023
https://dl.acm.org/doi/10.1016/j.cose.2023.103377
Tsoupidi RCastañeda Lozano RBaudry B(2022)Constraint-based Diversification of JOP GadgetsJournal of Artificial Intelligence Research10.1613/jair.1.1284872(1471-1505)Online publication date: 4-Jan-2022
https://dl.acm.org/doi/10.1613/jair.1.12848
Shen ZDharsee KCriswell J(2022)Randezvous: Making Randomization Effective on MCUsProceedings of the 38th Annual Computer Security Applications Conference10.1145/3564625.3567970(28-41)Online publication date: 5-Dec-2022
https://dl.acm.org/doi/10.1145/3564625.3567970
Mishra TChantem TGerdes R(2022)Survey of Control-flow Integrity Techniques for Real-time Embedded SystemsACM Transactions on Embedded Computing Systems10.1145/353827521:4(1-32)Online publication date: 4-Oct-2022
https://dl.acm.org/doi/10.1145/3538275
Berlakovich FNeugschwandtner MBarany GLindorfer MPolakis J(2022)Look Ma, no constantsProceedings of the 15th European Workshop on Systems Security10.1145/3517208.3523751(36-42)Online publication date: 5-Apr-2022
https://dl.acm.org/doi/10.1145/3517208.3523751
Show More Cited By

Abstract

Cited By

Recommendations

D-ward: source-end defense against distributed denial-of-service attacks

Security beyond cybersecurity: side-channel attacks against non-cyber systems and their countermeasures

Hacking in darkness: return-oriented programming against secure enclaves

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations