More Web Proxy on the site http://driver.im/

research-article

MARDU: Efficient and Scalable Code Re-randomization

Authors:

Christopher Jelesnianski,

Yeongjin JangAuthors Info & Claims

SYSTOR '20: Proceedings of the 13th ACM International Systems and Storage Conference

Pages 49 - 60

https://doi.org/10.1145/3383669.3398280

Published: 30 May 2020 Publication History

Abstract

Defense techniques such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) were role models in preventing early return-oriented programming (ROP) attacks by keeping performance and scalability in the forefront, making them widely-adopted. As code reuse attacks evolved in complexity, defenses have lost touch with pragmatic defense design to ensure security, either being narrow in scope or providing unrealistic overheads.

We present MARDU, an on-demand system-wide re-randomization technique that maintains strong security guarantees while providing better overall performance and having scalability most defenses lack. We achieve code sharing with diversification by implementing reactive and scalable, rather than continuous or one-time diversification. Enabling code sharing further minimizes needed tracking, patching, and memory overheads. The evaluation of MARDU shows low performance overhead of 5.5% on SPEC and minimal degradation of 4.4% in NGINX, proving its applicability to both compute-intensive and scalable real-world applications.

References

[1]

2019. musl libc. https://wiki.musl-libc.org/.

[2]

One Aleph. 1996. Smashing the stack for fun and profit. http://www.shmoo.com/phrack/Phrack49/p49-14 (1996).

[3]

Amazon. 2019. Amazon EC2 C5 Instances. https://aws.amazon.com/ec2/instance-types/c5/.

[4]

Autore Anonimo. 2001. Once upon a free (). Phrack Magazine 11, 57 (2001).

[5]

ARM. 2019. ARM Compiler Software Development Guide: 2.21 Execute-only memory. http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0471j/chr1368698326509.html.

[6]

Michael Backes and Stefan Nürnberger. 2014. Oxymoron: Making Fine-Grained Memory Randomization Practical by Allowing Code Sharing. In Proceedings of the 23rd USENIX Security Symposium (Security). San Diego, CA.

Digital Library

[7]

David Bigelow, Thomas Hobson, Robert Rudd, William Streilein, and Hamed Okhravi. 2015. Timely Rerandomization for Mitigating Memory Disclosures. In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS). Denver, Colorado.

Digital Library

[8]

Andrea Bittau, Adam Belay, Ali Mashtizadeh, David Mazières, and Dan Boneh. 2014. Hacking blind. In Proceedings of the 35th IEEE Symposium on Security and Privacy (Oakland). San Jose, CA.

Digital Library

[9]

Nathan Burow, Xinping Zhang, and Mathias Payer. 2019. SoK: Shining Light on Shadow Stacks. In Proceedings of the 40th IEEE Symposium on Security and Privacy (Oakland). San Francisco, CA.

[10]

Xi Chen, Herbert Bos, and Cristiano Giuffrida. 2017. CodeArmor: Virtualizing The Code Space to Counter Disclosure Attacks. In Proceedings of the 2nd IEEE European Symposium on Security and Privacy (Euro S&P). Paris, France.

[11]

Stephen Crane, Andrei Homescu, and Per Larsen. 2016. Code Randomization: Haven't We Solved This Problem Yet?. In Cybersecurity Development (SecDev), IEEE. IEEE, 124--129.

[12]

Stephen Crane, Christopher Liebchen, Andrei Homescu, Lucas Davi, Per Larsen, Ahmad-Reza Sadeghi, Stefan Brunthaler, and Michael Franz. 2015. Readactor: Practical Code Randomization Resilient to Memory Disclosure. In Proceedings of the 36th IEEE Symposium on Security and Privacy (Oakland). San Jose, CA.

Digital Library

[13]

Stephen J Crane, Stijn Volckaert, Felix Schuster, Christopher Liebchen, Per Larsen, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz, Bjorn De Sutter, and Michael Franz. 2015. It's a TRaP: Table Randomization and Protection Against Function-reuse Attacks. In Proceedings of the 36th IEEE Symposium on Security and Privacy (Oakland). San Jose, CA.

Digital Library

[14]

Ren Ding, Chenxiong Qian, Chengyu Song, Bill Harris, Taesoo Kim, and Wenke Lee. 2017. Efficient protection of path-sensitive control security. In Proceedings of the 26th USENIX Security Symposium (Security). Vancouver, BC, Canada.

[15]

Isaac Evans, Sam Fingeret, Julian Gonzalez, Ulziibayar Otgonbaatar, Tiffany Tang, Howard Shrobe, Stelios Sidiroglou-Douskos, Martin Rinard, and Hamed Okhravi. 2015. Missing the point (er): On the effectiveness of code pointer integrity. In Proceedings of the 36th IEEE Symposium on Security and Privacy (Oakland). San Jose, CA.

Digital Library

[16]

Fedora. 2018. Hardening Flags Updates for Fedora 28. https://fedoraproject.org/wiki/Changes/HardeningFlags28.

[17]

Mark Gallagher, Lauren Biernacki, Shibo Chen, Zelalem Birhanu Aweke, Salessawi Ferede Yitbarek, Misiker Tadesse Aga, Austin Harris, Zhixing Xu, Baris Kasikci, Valeria Bertacco, Sharad Malik, Mohit Tiwari, and Todd Austin. 2019. Morpheus: A Vulnerability-Tolerant Secure Architecture Based on Ensembles of Moving Target Defenses with Churn. In Proceedings of the 24th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS). Providence, RI, USA, 469--484.

Digital Library

[18]

Robert Gawlik, Benjamin Kollenda, Philipp Koppe, Behrad Garmany, and Thorsten Holz. 2016. Enabling Client-Side Crash-Resistance to Overcome Diversification and Information Hiding. In Proceedings of the 2016 Annual Network and Distributed System Security Symposium (NDSS). San Diego, CA.

[19]

Cristiano Giuffrida, Anton Kuijsten, and Andrew S Tanenbaum. 2012. Enhanced Operating System Security Through Efficient and Finegrained Address Space Randomization. In Proceedings of the 21st USENIX Security Symposium (Security). Bellevue, WA.

Digital Library

[20]

Will Glozer. 2019. a HTTP benchmarking tool. https://github.com/wg/wrk.

[21]

Enes Göktaş, Robert Gawlik, Benjamin Kollenda, Elias Athanasopoulos, Georgios Portokalidis, Cristiano Giuffrida, and Herbert Bos. 2016. Undermining Information Hiding (and What to Do about It). In Proceedings of the 25th USENIX Security Symposium (Security). Austin, TX.

Digital Library

[22]

Hong Hu, Chenxiong Qian, Carter Yagemann, Simon Pak Ho Chung, William R. Harris, Taesoo Kim, and Wenke Lee. 2018. Enforcing Unique Code Target Property for Control-Flow Integrity. In Proceedings of the 25th ACM Conference on Computer and Communications Security (CCS). Toronto, ON, Canada.

Digital Library

[23]

Hong Hu, Shweta Shinde, Sendroiu Adrian, Zheng Leong Chua, Prateek Saxena, and Zhenkai Liang. 2016. Data-oriented programming: On the expressiveness of non-control data attacks. In Security and Privacy (SP), 2016 IEEE Symposium on. IEEE, 969--986.

[24]

Intel Corporation. 2019. Intel 64 and IA-32 Architectures Software Developer's Manual. https://software.intel.com/en-us/articles/intelsdm.

[25]

Intel Corporation. 2019. INTEL ® XEON ® SCALABLE PROCESSORS. https://www.intel.com/content/www/us/en/products/processors/xeon/scalable.html.

[26]

Jonathan Corbet. 2004. x86 NX support. https://lwn.net/Articles/87814/.

[27]

Michel Kaempf. [n. d.]. Vudo malloc tricks. Phrack Magazine, 57 (8), August 2001.

[28]

Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. 2019. Spectre Attacks: Exploiting Speculative Execution. In Proceedings of the 40th IEEE Symposium on Security and Privacy (Oakland). San Francisco, CA.

[29]

Benjamin Kollenda, Enes Göktaş, Tim Blazytko, Philipp Koppe, Robert Gawlik, Radhesh Krishnan Konoth, Cristiano Giuffrida, Herbert Bos, and Thorsten Holz. 2017. Towards Automated Discovery of Crash-resistant Primitives in Binary Executables. In Proceedings of the 47th International Conference on Dependable Systems and Networks (DSN). Denver, CO.

[30]

Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. Meltdown: Reading Kernel Memory from User Space. In Proceedings of the 27th USENIX Security Symposium (Security). Baltimore, MD.

[31]

Kangjie Lu, Wenke Lee, Stefan Nürnberger, and Michael Backes. 2016. How to Make ASLR Win the Clone Wars: Runtime Re-Randomization. In Proceedings of the 2016 Annual Network and Distributed System Security Symposium (NDSS). San Diego, CA.

[32]

Michael Larabel. 2017. Glibc Rolls Out Support For Memory Protection Keys. https://www.phoronix.com/scan.php?page=news_item&px=Glibc-Memory-Protection-Keys.

[33]

Microsoft Support. 2017. A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003. https://support.microsoft.com/en-us/help/875352/a-detailed-description-of-the-data-execution-prevention-dep-feature-in.

[34]

Angelos Oikonomopoulos, Elias Athanasopoulos, Herbert Bos, and Cristiano Giuffrida. 2016. Poking Holes in Information Hiding. In Proceedings of the 25th USENIX Security Symposium (Security). Austin, TX.

Digital Library

[35]

Jannik Pewny, Philipp Koppe, Lucas Davi, and Thorsten Holz. 2017. Breaking and Fixing Destructive Code Read Defenses. In Proceedings of the 12th ACM Symposium on Information, Computer and Communications Security (ASIACCS). Abu Dhabi, UAE, 55--67.

Digital Library

[36]

Hovav Shacham. 2007. The Geometry of Innocent Flesh on the Bone: Return-into-libc Without Function Calls (on the x86). In Proceedings of the 14th ACM Conference on Computer and Communications Security. Alexandria, VA.

Digital Library

[37]

K. Z. Snow, R. Rogowski, J. Werner, H. Koo, F. Monrose, and M. Polychronakis. 2016. Return to the Zombie Gadgets: Undermining Destructive Code Reads via Code Inference Attacks. In Proceedings of the 37th IEEE Symposium on Security and Privacy (Oakland). San Jose, CA.

[38]

Adrian Tang, Simha Sethumadhavan, and Salvatore Stolfo. 2015. Heisenbyte: Thwarting memory disclosure attacks using destructive code reads. In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS). Denver, Colorado.

Digital Library

[39]

Zhe Wang, Chenggang Wu, Jianjun Li, Yuanming Lai, Xiangyu Zhang, Wei-Chung Hsu, and Yueqiang Cheng. 2017. Reranz: A Light-weight Virtual Machine to Mitigate Memory Disclosure Attacks. In Proceedings of the 13th International Conference on Virtual Execution Environments (VEE). Xi'an, China.

Digital Library

[40]

Bryan C Ward, Richard Skowyra, Chad Spensky, Jason Martin, and Hamed Okhravi. 2019. The Leakage-Resilience Dilemma. In Proceedings of the 24th European Symposium on Research in Computer Security (ESORICS). Luxembourg.

Digital Library

[41]

David Williams-King, Graham Gobieski, Kent Williams-King, James P Blake, Xinhao Yuan, Patrick Colp, Michelle Zheng, Vasileios P Kemerlis, Junfeng Yang, and William Aiello. 2016. Shuffler: Fast and Deployable Continuous Code Re-Randomization. In Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI). Savannah, GA.

Cited By

Li YJiang SBao YChen PZhou YChung YLuo BLiao XXu JKirda ELie D(2024)Isolate and Detect the Untrusted Driver with a Virtual BoxProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670269(4584-4597)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670269
Shi JGuan LLi WZhang DChen PZhang N(2022)HARM: Hardware-Assisted Continuous Re-randomization for Microcontrollers2022 IEEE 7th European Symposium on Security and Privacy (EuroS&P)10.1109/EuroSP53844.2022.00039(520-536)Online publication date: Jun-2022
https://doi.org/10.1109/EuroSP53844.2022.00039

Index Terms

MARDU: Efficient and Scalable Code Re-randomization
1. Security and privacy
  1. Software and application security
    1. Software security engineering
  2. Systems security

Recommendations

Securely Sharing Randomized Code That Flies
Address space layout randomization was a great role model, being a light-weight defense technique that could prevent early return-oriented programming attacks. Simple yet effective, address space layout randomization was quickly widely adopted. Conversely,...
Control Jujutsu: On the Weaknesses of Fine-Grained Control Flow Integrity
CCS '15: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security

Control flow integrity (CFI) has been proposed as an approach to defend against control-hijacking memory corruption attacks. CFI works by assigning tags to indirect branch targets statically and checking them at runtime. Coarse-grained enforcements of ...
The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later
CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

In 2007, Shacham published a seminal paper on Return-Oriented Programming (ROP), the first systematic formulation of code reuse. The paper has been highly influential, profoundly shaping the way we still think about code reuse today: an attacker analyzes ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

SYSTOR '20: Proceedings of the 13th ACM International Systems and Storage Conference

May 2020

118 pages

ISBN:9781450375887

DOI:10.1145/3383669

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

Technion: Israel Institute of Technology
SIGOPS: ACM Special Interest Group on Operating Systems

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 May 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

US Office of Naval Research

Conference

SYSTOR '20

Sponsor:

Technion
SIGOPS

SYSTOR '20: The 13th ACM International Systems and Storage Conference

June 2 - 4, 2020

Haifa, Israel

Acceptance Rates

Overall Acceptance Rate 108 of 323 submissions, 33%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
680
Total Downloads

Downloads (Last 12 months)16
Downloads (Last 6 weeks)4

Reflects downloads up to 26 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Li YJiang SBao YChen PZhou YChung YLuo BLiao XXu JKirda ELie D(2024)Isolate and Detect the Untrusted Driver with a Virtual BoxProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670269(4584-4597)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670269
Shi JGuan LLi WZhang DChen PZhang N(2022)HARM: Hardware-Assisted Continuous Re-randomization for Microcontrollers2022 IEEE 7th European Symposium on Security and Privacy (EuroS&P)10.1109/EuroSP53844.2022.00039(520-536)Online publication date: Jun-2022
https://doi.org/10.1109/EuroSP53844.2022.00039

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents