Code-reuse attacks that corrupt memory address pointers have been a major threat to software for many years. Numerous defenses have been proposed to counter these threats, but the majority of them impose strict restrictions on software deployment, such as requiring recompilation with a custom compiler, or cause integrity problems due to program modification. One notable exception is ASLR (address space layout randomization), a widespread defense free of such burdens, but it is also known to be penetrated by a class of attacks that takes advantage of its coarse randomization granularity. Focusing on minimizing randomization granularity while retaining these advantages of ASLR to the greatest extent, we propose a novel defensive approach called code shredding: a defensive scheme based on the idea of embedding the checksum value of a memory address as a part of the address itself. This simple yet effective approach hinders the designation of specific addresses used in code-reuse attacks by giving attackers the illusion of program code that is shredded into pieces at byte granularity and dispersed randomly over the memory space. We have designed and implemented a proof-of-concept prototype system for the Windows platform and conducted several experiments to confirm its feasibility and evaluate its performance overhead.
Author(s):
Eitaro Shioji
NTT Corporation
Japan
Yuhei Kawakoya
NTT Corporation
Japan
Makoto Iwamura
NTT Corporation
Japan
Takeo Hariu
NTT Corporation
Japan