Enhancing in-process isolation for robust defense against information disclosure attacks

Abstract

Memory corruption attacks continue to be a critical issue in system security, as defenders and adversaries constantly compete to develop new means to protect or exploit vulnerabilities. To safeguard against these malicious attacks, researchers have developed various methods, such as Address Space Layout Randomization (ASLR) and Stack Canary, to protect sensitive data in the memory. One method in this category is stack isolation, which relocates sensitive objects in the stack to a dedicated “safe region” to enhance security. However, attackers have devised sophisticated methods, like Allocation Oracle, to locate these safe regions, thereby undermining the protection this technique can provide. In response to these threats, we propose Satellite, a novel method that securely defends against memory corruption and information disclosure attacks by effectively protecting the safe region. Satellite ensures that return addresses stored in the safe region are safeguarded from typical vulnerabilities like buffer overflows. Moreover, our method counters information disclosure attacks, as it continuously modifies the memory layout at runtime, thus making it difficult for attackers to pinpoint the safe region. Satellite also works within the LLVM compiler framework and can, therefore, seamlessly support general C/C++ programs. To address potential compatibility issues, we develop supplementary libraries that enhance the flexibility of compiler instrumentation and evaluate the performance and effectiveness of Satellite with benchmark programs such as SPEC CPU2006 and SPEC CPU2017. We also test the impact of our proposed method on real-world applications, including the Nginx web server and the ProFTPD FTP server. Our results demonstrate that Satellite imposes a performance overhead of less than 1%, making it an efficient and effective solution for enhancing stack memory safety.