Abstract
The basic observation is that an adversary typically generates a single attack vector (i.e., one attack payload) and aims to compromise as many systems as possible with it simultaneously. To mitigate this so-called ultimate attack, Cohen proposes to diversify a software program into multiple, different instances, each of which still covers the entire semantics of the root software program. The goal is to force the adversary to tailor a specific attack vector/payload for each software instance and computer system, making the attack tremendously expensive.
Notes
1. Note that we use both terms interchangeably.
References
Backes, M., Nürnberger, S.: Oxymoron: making fine-grained memory randomization practical by allowing code sharing. In: Proceedings of the 23rd USENIX Security Symposium (2014). http://dl.acm.org/citation.cfm?id=2671225.2671253
Backes, M., Holz, T., Kollenda, B., Koppe, P., Nürnberger, S., Pewny, J.: You can run but you can’t read: Preventing disclosure exploits in executable code. In: Proceedings of the 21st ACM Conference on Computer and Communications Security, CCS’14 (2014). http://doi.acm.org/10.1145/2660267.2660378
Barrantes, E.G., Ackley, D.H., Palmer, T.S., Stefanovic, D., Zovi, D.D.: Randomized instruction set emulation to disrupt binary code injection attacks. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS’03 (2003). http://doi.acm.org/10.1145/948109.948147
Bhatkar, S., DuVarney, D., Sekar, R.: Address obfuscation: an efficient approach to combat a broad range of memory error exploits. In: Proceedings of the 12th USENIX Security Symposium (2003). http://dl.acm.org/citation.cfm?id=1251353.1251361
Bhatkar, S., Sekar, R., DuVarney, D.C.: Efficient techniques for comprehensive protection from memory error exploits. In: Proceedings of the 14th USENIX Security Symposium (2005). http://dl.acm.org/citation.cfm?id=1251398.1251415
Bittau, A., Belay, A., Mashtizadeh, A., Mazières, D., Boneh, D.: Hacking blind. In: Proceedings of the 35th IEEE Symposium on Security and Privacy, SP’14 (2014). http://dx.doi.org/10.1109/SP.2014.22
Cohen, F.B.: Operating system protection through program evolution. Comput. Secur. 12(6), 565–584 (1993). doi:10.1016/0167-4048(93)90054-9
Crane, S., Liebchen, C., Homescu, A., Davi, L., Larsen, P., Sadeghi, A.R., Brunthaler, S., Franz, M.: Readactor: practical code randomization resilient to memory disclosure. In: Proceedings of the 36th IEEE Symposium on Security and Privacy, SP’15 (2015). doi:10.1109/SP.2015.52
Davi, L., Dmitrienko, A., Nürnberger, S., Sadeghi, A.R.: Gadge me if you can - secure and efficient ad-hoc instruction-level randomization for x86 and ARM. In: Proceedings of the 8th ACM Symposium on Information, Computer and Communications Security, ASIACCS’13 (2013). http://doi.acm.org/10.1145/2484313.2484351
Davi, L., Liebchen, C., Sadeghi, A.R., Snow, K.Z., Monrose, F.: Isomeron: Code randomization resilient to (just-in-time) return-oriented programming. In: Proceedings of the 22nd Annual Network and Distributed System Security Symposium, NDSS’15 (2015). http://www.internetsociety.org/doc/isomeron-code-randomization-resilient-just-time-return-oriented-programming
Forrest, S., Somayaji, A., Ackley, D.: Building diverse computer systems. In: Proceedings of the 6th Workshop on Hot Topics in Operating Systems (HotOS-VI), HOTOS’97 (1997). http://dl.acm.org/citation.cfm?id=822075.822408
Franz, M.: E unibus pluram: massive-scale software diversity as a defense mechanism. In: Proceedings of the 2010 Workshop on New Security Paradigms, NSPW’10 (2010). http://doi.acm.org/10.1145/1900546.1900550
Fresi Roglia, G., Martignoni, L., Paleari, R., Bruschi, D.: Surgically returning to randomized lib(c). In: Proceedings of the 25th Annual Computer Security Applications Conference, ACSAC’09 (2009). http://dx.doi.org/10.1109/ACSAC.2009.16
gera: Advances in format string exploitation. Phrack Mag. 59(12) (2002). http://www.phrack.com/issues.html?issue=59&id=7
Gionta, J., Enck, W., Ning, P.: HideM: protecting the contents of userspace memory in the face of disclosure vulnerabilities. In: Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, CODASPY’15 (2015). http://doi.acm.org/10.1145/2699026.2699107
Giuffrida, C., Kuijsten, A., Tanenbaum, A.S.: Enhanced operating system security through efficient and fine-grained address space randomization. In: Proceedings of the 21st USENIX Security Symposium (2012). http://dl.acm.org/citation.cfm?id=2362793.2362833
Gupta, A., Kerr, S., Kirkpatrick, M., Bertino, E.: Marlin: a fine grained randomization approach to defend against ROP attacks. In: Network and System Security. Lecture Notes in Computer Science, vol. 7873 (2013). http://dx.doi.org/10.1007/978-3-642-38631-2_22
Hiser, J.D., Nguyen-Tuong, A., Co, M., Hall, M., Davidson, J.W.: ILR: Where’d my gadgets go? In: Proceedings of the 33rd IEEE Symposium on Security and Privacy, SP’12 (2012). http://dx.doi.org/10.1109/SP.2012.39
Homescu, A., Brunthaler, S., Larsen, P., Franz, M.: Librando: transparent code randomization for just-in-time compilers. In: Proceedings of the 20th ACM Conference on Computer and Communications Security, CCS’13 (2013). http://doi.acm.org/10.1145/2508859.2516675
Homescu, A., Neisius, S., Larsen, P., Brunthaler, S., Franz, M.: Profile-guided automated software diversity. In: Proceedings of the 2013 IEEE/ACM International Symposium on Code Generation and Optimization, CGO’13 (2013). http://dx.doi.org/10.1109/CGO.2013.6494997
Jackson, T., Salamat, B., Homescu, A., Manivannan, K., Wagner, G., Gal, A., Brunthaler, S., Wimmer, C., Franz, M.: Compiler-generated software diversity. In: Moving Target Defense. Advances in Information Security, vol. 54. Springer, New York (2011). http://dx.doi.org/10.1007/978-1-4614-0977-9_4
Jackson, T., Homescu, A., Crane, S., Larsen, P., Brunthaler, S., Franz, M.: Diversifying the software stack using randomized NOP insertion. In: Moving Target Defense II. Advances in Information Security, vol. 100. Springer, New York (2013). http://dx.doi.org/10.1007/978-1-4614-5416-8_8
Kc, G.S., Keromytis, A.D., Prevelakis, V.: Countering code-injection attacks with instruction-set randomization. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS’03 (2003). http://doi.acm.org/10.1145/948109.948146
Kil, C., Jun, J., Bookholt, C., Xu, J., Ning, P.: Address space layout permutation (ASLP): towards fine-grained randomization of commodity software. In: Proceedings of the 22nd Annual Computer Security Applications Conference, ACSAC’06 (2006). http://dx.doi.org/10.1109/ACSAC.2006.9
Larsen, P., Homescu, A., Brunthaler, S., Franz, M.: SoK: automated software diversity. In: Proceedings of the 35th IEEE Symposium on Security and Privacy, SP’14 (2014). http://dx.doi.org/10.1109/SP.2014.25
Liu, L., Han, J., Gao, D., Jing, J., Zha, D.: Launching return-oriented programming attacks against randomized relocatable executables. In: Proceedings of the 10th International Conference on Trust, Security and Privacy in Computing and Communications, TRUSTCOM’11 (2011). http://dx.doi.org/10.1109/TrustCom.2011.9
Pappas, V., Polychronakis, M., Keromytis, A.D.: Smashing the gadgets: hindering return-oriented programming using in-place code randomization. In: Proceedings of the 33rd IEEE Symposium on Security and Privacy, SP’12 (2012). http://dx.doi.org/10.1109/SP.2012.41
PaX Team: PaX address space layout randomization (ASLR). http://pax.grsecurity.net/docs/aslr.txt
Serna, F.J.: CVE-2012-0769, the case of the perfect info leak. http://zhodiac.hispahack.com/my-stuff/security/Flash_ASLR_bypass.pdf (2012)
Shacham, H., Jin Goh, E., Modadugu, N., Pfaff, B., Boneh, D.: On the effectiveness of address-space randomization. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS’04 (2004). http://doi.acm.org/10.1145/1030083.1030124
Snow, K.Z., Monrose, F., Davi, L., Dmitrienko, A., Liebchen, C., Sadeghi, A.R.: Just-in-time code reuse: on the effectiveness of fine-grained address space layout randomization. In: Proceedings of the 34th IEEE Symposium on Security and Privacy, SP’13 (2013). http://dx.doi.org/10.1109/SP.2013.45. Received the Best Student Paper Award
Sotirov, A., Dowd, M.: Bypassing browser memory protections in Windows Vista. http://www.phreedom.org/research/bypassing-browser-memory-protections/ (2008). Presented at Black Hat 2008
Sovarel, A.N., Evans, D., Paul, N.: Where’s the FEEB? The effectiveness of instruction set randomization. In: Proceedings of the 14th USENIX Security Symposium (2005). http://dl.acm.org/citation.cfm?id=1251398.1251408
Wartell, R., Mohan, V., Hamlen, K.W., Lin, Z.: Binary stirring: self-randomizing instruction addresses of legacy x86 binary code. In: Proceedings of the 19th ACM Conference on Computer and Communications Security, CCS’12 (2012). http://doi.acm.org/10.1145/2382196.2382216
Weiss, Y., Barrantes, E.G.: Known/chosen key attacks against software instruction set randomization. In: Proceedings of the 22nd Annual Computer Security Applications Conference, ACSAC’06 (2006). http://dx.doi.org/10.1109/ACSAC.2006.33
Copyright information
© 2015 The Author(s)
About this chapter
Cite this chapter
Davi, L., Sadeghi, AR. (2015). Building Code Randomization Defenses. In: Building Secure Defenses Against Code-Reuse Attacks. SpringerBriefs in Computer Science. Springer, Cham. https://doi.org/10.1007/978-3-319-25546-0_4
DOI: https://doi.org/10.1007/978-3-319-25546-0_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-25544-6
Online ISBN: 978-3-319-25546-0
eBook Packages: Computer Science (R0)