[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ skip to main content
10.1145/3383669.3398280acmconferencesArticle/Chapter ViewAbstractPublication PagessystorConference Proceedingsconference-collections
research-article

MARDU: Efficient and Scalable Code Re-randomization

Published: 30 May 2020 Publication History

Abstract

Defense techniques such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) were role models in preventing early return-oriented programming (ROP) attacks by keeping performance and scalability in the forefront, making them widely-adopted. As code reuse attacks evolved in complexity, defenses have lost touch with pragmatic defense design to ensure security, either being narrow in scope or providing unrealistic overheads.
We present MARDU, an on-demand system-wide re-randomization technique that maintains strong security guarantees while providing better overall performance and having scalability most defenses lack. We achieve code sharing with diversification by implementing reactive and scalable, rather than continuous or one-time diversification. Enabling code sharing further minimizes needed tracking, patching, and memory overheads. The evaluation of MARDU shows low performance overhead of 5.5% on SPEC and minimal degradation of 4.4% in NGINX, proving its applicability to both compute-intensive and scalable real-world applications.

References

[1]
2019. musl libc. https://wiki.musl-libc.org/.
[2]
One Aleph. 1996. Smashing the stack for fun and profit. http://www.shmoo.com/phrack/Phrack49/p49-14 (1996).
[3]
Amazon. 2019. Amazon EC2 C5 Instances. https://aws.amazon.com/ec2/instance-types/c5/.
[4]
Autore Anonimo. 2001. Once upon a free (). Phrack Magazine 11, 57 (2001).
[5]
ARM. 2019. ARM Compiler Software Development Guide: 2.21 Execute-only memory. http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0471j/chr1368698326509.html.
[6]
Michael Backes and Stefan Nürnberger. 2014. Oxymoron: Making Fine-Grained Memory Randomization Practical by Allowing Code Sharing. In Proceedings of the 23rd USENIX Security Symposium (Security). San Diego, CA.
[7]
David Bigelow, Thomas Hobson, Robert Rudd, William Streilein, and Hamed Okhravi. 2015. Timely Rerandomization for Mitigating Memory Disclosures. In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS). Denver, Colorado.
[8]
Andrea Bittau, Adam Belay, Ali Mashtizadeh, David Mazières, and Dan Boneh. 2014. Hacking blind. In Proceedings of the 35th IEEE Symposium on Security and Privacy (Oakland). San Jose, CA.
[9]
Nathan Burow, Xinping Zhang, and Mathias Payer. 2019. SoK: Shining Light on Shadow Stacks. In Proceedings of the 40th IEEE Symposium on Security and Privacy (Oakland). San Francisco, CA.
[10]
Xi Chen, Herbert Bos, and Cristiano Giuffrida. 2017. CodeArmor: Virtualizing The Code Space to Counter Disclosure Attacks. In Proceedings of the 2nd IEEE European Symposium on Security and Privacy (Euro S&P). Paris, France.
[11]
Stephen Crane, Andrei Homescu, and Per Larsen. 2016. Code Randomization: Haven't We Solved This Problem Yet?. In Cybersecurity Development (SecDev), IEEE. IEEE, 124--129.
[12]
Stephen Crane, Christopher Liebchen, Andrei Homescu, Lucas Davi, Per Larsen, Ahmad-Reza Sadeghi, Stefan Brunthaler, and Michael Franz. 2015. Readactor: Practical Code Randomization Resilient to Memory Disclosure. In Proceedings of the 36th IEEE Symposium on Security and Privacy (Oakland). San Jose, CA.
[13]
Stephen J Crane, Stijn Volckaert, Felix Schuster, Christopher Liebchen, Per Larsen, Lucas Davi, Ahmad-Reza Sadeghi, Thorsten Holz, Bjorn De Sutter, and Michael Franz. 2015. It's a TRaP: Table Randomization and Protection Against Function-reuse Attacks. In Proceedings of the 36th IEEE Symposium on Security and Privacy (Oakland). San Jose, CA.
[14]
Ren Ding, Chenxiong Qian, Chengyu Song, Bill Harris, Taesoo Kim, and Wenke Lee. 2017. Efficient protection of path-sensitive control security. In Proceedings of the 26th USENIX Security Symposium (Security). Vancouver, BC, Canada.
[15]
Isaac Evans, Sam Fingeret, Julian Gonzalez, Ulziibayar Otgonbaatar, Tiffany Tang, Howard Shrobe, Stelios Sidiroglou-Douskos, Martin Rinard, and Hamed Okhravi. 2015. Missing the point (er): On the effectiveness of code pointer integrity. In Proceedings of the 36th IEEE Symposium on Security and Privacy (Oakland). San Jose, CA.
[16]
Fedora. 2018. Hardening Flags Updates for Fedora 28. https://fedoraproject.org/wiki/Changes/HardeningFlags28.
[17]
Mark Gallagher, Lauren Biernacki, Shibo Chen, Zelalem Birhanu Aweke, Salessawi Ferede Yitbarek, Misiker Tadesse Aga, Austin Harris, Zhixing Xu, Baris Kasikci, Valeria Bertacco, Sharad Malik, Mohit Tiwari, and Todd Austin. 2019. Morpheus: A Vulnerability-Tolerant Secure Architecture Based on Ensembles of Moving Target Defenses with Churn. In Proceedings of the 24th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS). Providence, RI, USA, 469--484.
[18]
Robert Gawlik, Benjamin Kollenda, Philipp Koppe, Behrad Garmany, and Thorsten Holz. 2016. Enabling Client-Side Crash-Resistance to Overcome Diversification and Information Hiding. In Proceedings of the 2016 Annual Network and Distributed System Security Symposium (NDSS). San Diego, CA.
[19]
Cristiano Giuffrida, Anton Kuijsten, and Andrew S Tanenbaum. 2012. Enhanced Operating System Security Through Efficient and Finegrained Address Space Randomization. In Proceedings of the 21st USENIX Security Symposium (Security). Bellevue, WA.
[20]
Will Glozer. 2019. a HTTP benchmarking tool. https://github.com/wg/wrk.
[21]
Enes Göktaş, Robert Gawlik, Benjamin Kollenda, Elias Athanasopoulos, Georgios Portokalidis, Cristiano Giuffrida, and Herbert Bos. 2016. Undermining Information Hiding (and What to Do about It). In Proceedings of the 25th USENIX Security Symposium (Security). Austin, TX.
[22]
Hong Hu, Chenxiong Qian, Carter Yagemann, Simon Pak Ho Chung, William R. Harris, Taesoo Kim, and Wenke Lee. 2018. Enforcing Unique Code Target Property for Control-Flow Integrity. In Proceedings of the 25th ACM Conference on Computer and Communications Security (CCS). Toronto, ON, Canada.
[23]
Hong Hu, Shweta Shinde, Sendroiu Adrian, Zheng Leong Chua, Prateek Saxena, and Zhenkai Liang. 2016. Data-oriented programming: On the expressiveness of non-control data attacks. In Security and Privacy (SP), 2016 IEEE Symposium on. IEEE, 969--986.
[24]
Intel Corporation. 2019. Intel 64 and IA-32 Architectures Software Developer's Manual. https://software.intel.com/en-us/articles/intelsdm.
[25]
Intel Corporation. 2019. INTEL ® XEON ® SCALABLE PROCESSORS. https://www.intel.com/content/www/us/en/products/processors/xeon/scalable.html.
[26]
Jonathan Corbet. 2004. x86 NX support. https://lwn.net/Articles/87814/.
[27]
Michel Kaempf. [n. d.]. Vudo malloc tricks. Phrack Magazine, 57 (8), August 2001.
[28]
Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. 2019. Spectre Attacks: Exploiting Speculative Execution. In Proceedings of the 40th IEEE Symposium on Security and Privacy (Oakland). San Francisco, CA.
[29]
Benjamin Kollenda, Enes Göktaş, Tim Blazytko, Philipp Koppe, Robert Gawlik, Radhesh Krishnan Konoth, Cristiano Giuffrida, Herbert Bos, and Thorsten Holz. 2017. Towards Automated Discovery of Crash-resistant Primitives in Binary Executables. In Proceedings of the 47th International Conference on Dependable Systems and Networks (DSN). Denver, CO.
[30]
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. Meltdown: Reading Kernel Memory from User Space. In Proceedings of the 27th USENIX Security Symposium (Security). Baltimore, MD.
[31]
Kangjie Lu, Wenke Lee, Stefan Nürnberger, and Michael Backes. 2016. How to Make ASLR Win the Clone Wars: Runtime Re-Randomization. In Proceedings of the 2016 Annual Network and Distributed System Security Symposium (NDSS). San Diego, CA.
[32]
Michael Larabel. 2017. Glibc Rolls Out Support For Memory Protection Keys. https://www.phoronix.com/scan.php?page=news_item&px=Glibc-Memory-Protection-Keys.
[33]
Microsoft Support. 2017. A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003. https://support.microsoft.com/en-us/help/875352/a-detailed-description-of-the-data-execution-prevention-dep-feature-in.
[34]
Angelos Oikonomopoulos, Elias Athanasopoulos, Herbert Bos, and Cristiano Giuffrida. 2016. Poking Holes in Information Hiding. In Proceedings of the 25th USENIX Security Symposium (Security). Austin, TX.
[35]
Jannik Pewny, Philipp Koppe, Lucas Davi, and Thorsten Holz. 2017. Breaking and Fixing Destructive Code Read Defenses. In Proceedings of the 12th ACM Symposium on Information, Computer and Communications Security (ASIACCS). Abu Dhabi, UAE, 55--67.
[36]
Hovav Shacham. 2007. The Geometry of Innocent Flesh on the Bone: Return-into-libc Without Function Calls (on the x86). In Proceedings of the 14th ACM Conference on Computer and Communications Security. Alexandria, VA.
[37]
K. Z. Snow, R. Rogowski, J. Werner, H. Koo, F. Monrose, and M. Polychronakis. 2016. Return to the Zombie Gadgets: Undermining Destructive Code Reads via Code Inference Attacks. In Proceedings of the 37th IEEE Symposium on Security and Privacy (Oakland). San Jose, CA.
[38]
Adrian Tang, Simha Sethumadhavan, and Salvatore Stolfo. 2015. Heisenbyte: Thwarting memory disclosure attacks using destructive code reads. In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS). Denver, Colorado.
[39]
Zhe Wang, Chenggang Wu, Jianjun Li, Yuanming Lai, Xiangyu Zhang, Wei-Chung Hsu, and Yueqiang Cheng. 2017. Reranz: A Light-weight Virtual Machine to Mitigate Memory Disclosure Attacks. In Proceedings of the 13th International Conference on Virtual Execution Environments (VEE). Xi'an, China.
[40]
Bryan C Ward, Richard Skowyra, Chad Spensky, Jason Martin, and Hamed Okhravi. 2019. The Leakage-Resilience Dilemma. In Proceedings of the 24th European Symposium on Research in Computer Security (ESORICS). Luxembourg.
[41]
David Williams-King, Graham Gobieski, Kent Williams-King, James P Blake, Xinhao Yuan, Patrick Colp, Michelle Zheng, Vasileios P Kemerlis, Junfeng Yang, and William Aiello. 2016. Shuffler: Fast and Deployable Continuous Code Re-Randomization. In Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI). Savannah, GA.

Cited By

View all
  • (2024)Isolate and Detect the Untrusted Driver with a Virtual BoxProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670269(4584-4597)Online publication date: 2-Dec-2024
  • (2022)HARM: Hardware-Assisted Continuous Re-randomization for Microcontrollers2022 IEEE 7th European Symposium on Security and Privacy (EuroS&P)10.1109/EuroSP53844.2022.00039(520-536)Online publication date: Jun-2022

Recommendations

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences
SYSTOR '20: Proceedings of the 13th ACM International Systems and Storage Conference
May 2020
118 pages
ISBN:9781450375887
DOI:10.1145/3383669
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 May 2020

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. Code Randomization
  2. Code Reuse
  3. Code Sharing
  4. Return-Oriented Programming

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Funding Sources

  • US Office of Naval Research

Conference

SYSTOR '20
Sponsor:

Acceptance Rates

Overall Acceptance Rate 108 of 323 submissions, 33%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)16
  • Downloads (Last 6 weeks)4
Reflects downloads up to 30 Dec 2024

Other Metrics

Citations

Cited By

View all
  • (2024)Isolate and Detect the Untrusted Driver with a Virtual BoxProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670269(4584-4597)Online publication date: 2-Dec-2024
  • (2022)HARM: Hardware-Assisted Continuous Re-randomization for Microcontrollers2022 IEEE 7th European Symposium on Security and Privacy (EuroS&P)10.1109/EuroSP53844.2022.00039(520-536)Online publication date: Jun-2022

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media