Aggrandizing the beast's limbs: patulous code reuse attack on ARM architecture

ISC Int. J. Inf. Secur. Pub Date : 2016-01-23 DOI:10.22042/isecure.2016.8.1.6

Farzane Aminmansour, H. Shahriari

{"title":"Aggrandizing the beast's limbs: patulous code reuse attack on ARM architecture","authors":"Farzane Aminmansour, H. Shahriari","doi":"10.22042/isecure.2016.8.1.6","DOIUrl":null,"url":null,"abstract":"Since smartphones are usually personal devices full of private information, they are a popular target for a vast variety of real-world attacks such as Code Reuse Attack (CRA). CRAs enable attackers to execute any arbitrary algorithm on a device without injecting an executable code. Since the standard platform for mobile devices is ARM architecture, we concentrate on available ARM-based CRAs. Currently, three types of CRAs are proposed on ARM architecture including Return2ZP, ROP, and BLX-attack, in accordance to three sub-models available on X86 Ret2Libc, ROP, and JOP. In this paper, we have considered some unique aspects of ARM architecture to provide a general model for code reuse attacks called Patulous Code Reuse Attack (PCRA). Our attack applies all available machine instructions that change Program Counter (PC), as well as direct or indirect branches in order to deploy the principles of CRA convention. We have demonstrated the effectiveness of our approach by defining five different sub-models of PCRA, explaining the algorithm of finding PCRA gadgets, introducing a useful set of gadgets, and providing a sample proof of concept exploit on Android 4.4 platform. © 2016 ISC. All rights reserved.","PeriodicalId":436674,"journal":{"name":"ISC Int. J. Inf. Secur.","volume":"20 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-01-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ISC Int. J. Inf. Secur.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.22042/isecure.2016.8.1.6","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

Since smartphones are usually personal devices full of private information, they are a popular target for a vast variety of real-world attacks such as Code Reuse Attack (CRA). CRAs enable attackers to execute any arbitrary algorithm on a device without injecting an executable code. Since the standard platform for mobile devices is ARM architecture, we concentrate on available ARM-based CRAs. Currently, three types of CRAs are proposed on ARM architecture including Return2ZP, ROP, and BLX-attack, in accordance to three sub-models available on X86 Ret2Libc, ROP, and JOP. In this paper, we have considered some unique aspects of ARM architecture to provide a general model for code reuse attacks called Patulous Code Reuse Attack (PCRA). Our attack applies all available machine instructions that change Program Counter (PC), as well as direct or indirect branches in order to deploy the principles of CRA convention. We have demonstrated the effectiveness of our approach by defining five different sub-models of PCRA, explaining the algorithm of finding PCRA gadgets, introducing a useful set of gadgets, and providing a sample proof of concept exploit on Android 4.4 platform. © 2016 ISC. All rights reserved.

查看原文本刊更多论文

强化野兽的四肢:对ARM架构的扩展代码重用攻击

由于智能手机通常是充满私人信息的个人设备，因此它们是代码重用攻击(CRA)等各种现实世界攻击的热门目标。cra允许攻击者在不注入可执行代码的情况下在设备上执行任意算法。由于移动设备的标准平台是ARM架构，我们专注于可用的基于ARM的cra。目前ARM架构上提出了Return2ZP、ROP和BLX-attack三种类型的cra，按照X86的Ret2Libc、ROP和JOP三种子模型。在本文中，我们考虑了ARM架构的一些独特方面，为代码重用攻击提供了一个通用模型，称为扩展代码重用攻击(PCRA)。我们的攻击适用于改变程序计数器(PC)的所有可用机器指令，以及直接或间接分支，以部署CRA约定的原则。我们通过定义PCRA的五个不同子模型，解释查找PCRA小工具的算法，介绍一组有用的小工具，并提供Android 4.4平台上的概念验证示例，证明了我们方法的有效性。©2016 isc。版权所有。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ISC Int. J. Inf. Secur.

自引率

0.00%

发文量