Skip to main content
SpringerLink
Log in
Book cover

International Symposium on Foundations and Practice of Security

FPS 2016: Foundations and Practice of Security pp 85–93Cite as

Attack Mitigation by Data Structure Randomization

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10128))

Abstract

Address Space Layout Randomization (ASLR) and Control Flow Integrity (CFI) have been regarded as the most effective defenses against control flow hijacking attacks. However, researchers have recently shown that data-oriented attacks can circumvent both ASLR and CFI, and are even Turing-complete. These attacks often leverage encapsulated data structures to achieve malicious behaviors. To defeat data structure oriented attacks (DSOA), we propose data structure layout randomization techniques. Our method not only randomizes the data structure layout at compile time, but also inserts the padding bytes to increase entropy. Experimental results show that our method can defeat DSOA with low performance overhead (2.1% on average).

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Openssl speed. http://www.openssl.org/docs/apps/speed.html

  2. Pax aslr documentation. http://pax.grsecurity.net/docs/aslr.txt

  3. Abadi, M., Budiu, M., Erlingsson, U., Ligatti, J.: Control-flow integrity. In: ACM Conference on Computer and Communications Security (CCS 2005) (2005)

    Google Scholar 

  4. Backes, M., Holz, T., Kollenda, B., Koppe, P., Nürnberger, S., Pewny, J.: You can run but you can’t read: preventing disclosure exploits in executable code. In: ACM SIGSAC Conference on Computer and Communications Security (CCS 2014) (2014)

    Google Scholar 

  5. Backes, M., Nürnberger, S.: Oxymoron: making fine-grained memory randomization practical by allowing code sharing. In: USENIX Security Symposium (Security 2014) (2014)

    Google Scholar 

  6. Bhatkar, E., Duvarney, D.C., Sekar, R.: Address obfuscation: an efficient approach to combat a broad range of memory error exploits. In: Proceedings of the 12th USENIX Security Symposium, pp. 105–120 (2003)

    Google Scholar 

  7. Bhatkar, S., Sekar, R.: Data space randomization. In: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2008) (2008)

    Google Scholar 

  8. Bhatkar, S., Sekar, R., DuVarney, D.C.: Efficient techniques for comprehensive protection from memory error exploits. In: Proceedings of the 14th Conference on USENIX Security Symposium, Berkeley, CA, USA, vol. 14, p. 17 (2005)

    Google Scholar 

  9. Castro, M., Costa, M., Harris, T.: Securing software by enforcing data-flow integrity. In: Proceedings of the 7th Symposium on Operating Systems Design and Implementation (OSDI 2006) (2006)

    Google Scholar 

  10. Davi, L., Dmitrienko, A., Egele, M., Fischer, T., Holz, T., Hund, R., Nrnberger, S., Sadeghi, A.-R.: Mocfi: a framework to mitigate control-flow attacks on smartphones. In: Annual Network and Distributed System Security Symposium (NDSS 2012) (2012)

    Google Scholar 

  11. Hu, H., Chua, Z. L., Adrian, S., Saxena, P., Liang, Z.: Automatic generation of data-oriented exploits. In: Proceedings of the 24th USENIX Security Symposium (Security 2015) (2015)

    Google Scholar 

  12. Hu, H., Shinde, S., Adrian, S., Chua, Z.L., Saxena, P., Liang, Z.: Data-oriented programming: on the expressiveness of non-control data attacks. In: IEEE Symposium on Security and Privacy (Oakland 2016) (2016)

    Google Scholar 

  13. Jim, T., Morrisett, J.G., Grossman, D., Hicks, M.W., Cheney, J., Wang, Y.: Cyclone: a safe dialect of C. In: General Track of the Annual Conference on USENIX Annual Technical Conference, ATEC 2002 (2002)

    Google Scholar 

  14. Nagarakatte, S., Zhao, J., Martin, M.M., Zdancewic, S.: Softbound: highly compatible and complete spatial memory safety for C. In: Proceedings of the 30th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2009) (2009)

    Google Scholar 

  15. Necula, G.C., McPeak, S., Weimer, W.: CCured: type-safe retrofitting of legacy code. In: 29th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2002) (2002)

    Google Scholar 

  16. Pax Team: Pax address space layout randomization (aslr). http://pax.grsecurity.net/docs/aslr.txt

  17. Wang, Z., Jiang, X.: Hypersafe: a lightweight approach to provide lifetime hypervisor control-flow integrity. In: IEEE Symposium on Security and Privacy (Oakland 2010) (2010)

    Google Scholar 

  18. Zhang, C., Wei, T., Chen, Z., Duan, L., McCamant, S., Szekeres, L., Song, D., Zou, W.: Practical control flow integrity and randomization for binary executables. In: IEEE Symposium on Security and Privacy (Oakland 2013) (2013)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University High School of Indiana, Carmel, USA

    Zhongtian Chen

  2. EMC, Wenzhou, China

    Hao Han

Authors
  1. Zhongtian Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hao Han
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Zhongtian Chen .

Editor information

Editors and Affiliations

  1. Télécom Bretagne, Cesson Sévigné, France

    Frédéric Cuppens

  2. Concordia Inst for Info, Concordia University, Montreal, Québec, Canada

    Lingyu Wang

  3. Cesson-Sevigne, Télécom Bretagne, Cesson Sévigné, France

    Nora Cuppens-Boulahia

  4. Local 3950, pavillon Adrien Pouliot, Université Laval, Quebec, Québec, Canada

    Nadia Tawbi

  5. Télécom SudParis, Evry, France

    Joaquin Garcia-Alfaro

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Chen, Z., Han, H. (2017). Attack Mitigation by Data Structure Randomization. In: Cuppens, F., Wang, L., Cuppens-Boulahia, N., Tawbi, N., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2016. Lecture Notes in Computer Science(), vol 10128. Springer, Cham. https://doi.org/10.1007/978-3-319-51966-1_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-51966-1_6

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-51965-4

  • Online ISBN: 978-3-319-51966-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation