Annual Computer Security Applications Conference (ACSAC) 2017

Full Program »

Breaking and Fixing Destructive Code Read Defenses

Just-in-time return-oriented programming (JIT-ROP) is a powerful memory corruption attack that bypasses various forms of code randomization. Execute-only memory (XOM) can potentially prevent these attacks, but requires source code. In contrast, destructive code reads (DCR) provide a trade-off between security and legacy compatibility. The common belief is that DCR provides strong protection if combined with a high-entropy code randomization. The contribution of this paper is twofold: first, we demonstrate that DCR can be bypassed regardless of the underlying code randomization scheme. To this end, we show novel, generic attacks that infer the code layout for highly randomized program code. Second, we present the design and implementation of BGDX (Byte-Granular DCR and XOM), a novel mitigation technique that protects legacy binaries against code-inference attacks. BGDX enforces memory permissions on a byte-granular level allowing us to combine DCR and XOM for legacy, off-the-shelf binaries. Our evaluation shows that BGDX is not only effective, but highly efficient, imposing only a geometric mean performance overhead of 3.95 % on SPEC.

Jannik Pewny
HGI, Ruhr-University Bochum
Germany

Philipp Koppe
HGI, Ruhr-University Bochum
Germany

Lucas Davi
University Duisburg-Essen
Germany

Thorsten Holz
HGI, Ruhr-University Bochum
Germany

 

Powered by OpenConf®
Copyright©2002-2017 Zakon Group LLC