DOI: 10.1145/1655108.1655117
Short paper

Dynamic integrity measurement and attestation: towards defense against return-oriented programming attacks

Published: 13 November 2009

Abstract

Despite the many efforts made in recent years to mitigate runtime attacks such as stack- and heap-based buffer overflows, these attacks remain a common security concern on today's computing platforms. Attackers have even found new ways to mount runtime attacks, including a technique called return-oriented programming. Trusted Computing provides mechanisms to verify the integrity of all executable content in an operating system, but these mechanisms only provide integrity at load time and cannot prevent or detect runtime attacks. To mitigate return-oriented programming attacks, we propose new runtime integrity monitoring techniques that use tracking instrumentation of program binaries based on taint analysis and dynamic tracing. We also describe how these techniques can be employed in a dynamic integrity measurement architecture (DynIMA). In this way we fill the gap between static load-time and dynamic runtime attestation and, in particular, extend trusted computing techniques to effectively defend against return-oriented programming attacks.

      Published In

      STC '09: Proceedings of the 2009 ACM workshop on Scalable trusted computing
      November 2009
      82 pages
      ISBN: 9781605587882
      DOI: 10.1145/1655108
      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. attestation systems
      2. integrity monitoring
      3. return-oriented programming

      Qualifiers

      • Short-paper

      Conference

      CCS '09
      Acceptance Rates

      Overall Acceptance Rate 17 of 31 submissions, 55%
