Beasty Memories: The Quest for Practical Defense against Code Reuse Attacks

A. Sadeghi, Lucas Davi
DOI: 10.1145/2666141.2668386 (https://doi.org/10.1145/2666141.2668386)
Venue: Workshop on Trustworthy Embedded Devices
Published: 2014-11-03
Citations: 0

Abstract

Code reuse attacks such as return-oriented programming (ROP) are predominant attack techniques that are extensively used to exploit vulnerabilities in modern software programs. ROP maliciously combines short instruction sequences (gadgets) residing in shared libraries and in the application's executable to bypass data execution prevention (DEP) and launch targeted exploits. ROP attacks apply to many processor architectures, from Intel x86 [1] to tiny embedded systems [2]. As a consequence, a variety of defenses have been proposed over the last few years, most prominently code randomization (ASLR) and control-flow integrity (CFI). In particular, constructing practical CFI schemes has recently become a hot topic of research. In this talk, we present the evolution of return-oriented programming (ROP) attacks and defenses. We first give an overview of ROP attacks and techniques. Second, we investigate the security of software-diversity-based approaches such as fine-grained code randomization [3]. Third, we dive deeper and focus on control-flow integrity (CFI), showing how to bypass all recent (coarse-grained) CFI solutions, including Microsoft's defense tool EMET [4]. Finally, we discuss new research directions to mitigate code reuse attacks, including our current work on hardware-assisted fine-grained control-flow integrity [5]. Part of this research [3-5] was conducted in collaboration with A. Dmitrienko, D. Lehmann, C. Liebchen, P. Koeberl, F. Monrose, and K. Z. Snow.