Protecting COTS Binaries from Disclosure-guided Code Reuse Attacks
Code diversification, combined with execute-only memory, provides an effective defense against just-in-time code reuse attacks. However, combining code diversification and hardware-assisted memory protections in most existing techniques typically requires compiler support, as well as the deployment or modification of a hypervisor. These requirements often cannot be met, either because source code is not available, or because the required hardware features may not be available on the target system. In this paper we present SECRET, a software hardening technique tailored to legacy and closed-source software that provides equivalent protection to execute-only memory without relying on hardware features or recompilation. This is achieved using two novel techniques, code space isolation and code pointer remapping, which prevent read accesses to the executable memory of the protected code. Furthermore, SECRET thwarts code pointer harvesting attacks by remapping existing code pointers to use random values. Our evaluation shows that SECRET introduces only up to 2% additional runtime overhead on top of a state-of-the-art binary-level CFI implementation, bringing the total average overhead to 15.64% and 14.48% for 32-bit and 64-bit systems, respectively. In addition, it achieves better protection coverage compared to compiler-level techniques, as it can handle low-level machine code such as inline assembly or extra code introduced by the linker and loader.
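The code pointer remapping idea from the abstract, as an added illustrative model that is not SECRET's implementation: function pointers stored in writable data are replaced by random tokens, and only the dispatcher translates a token back to a real address, so a memory disclosure of the data yields tokens rather than code addresses. The table layout, the splitmix64 token generator and the fixed-size table are assumptions made for this example.

```c
// Illustrative model of code pointer remapping (added example, not SECRET's code).
// Real code addresses live only in the mapping table, which stands in for memory
// that the protected program cannot read; writable data holds random tokens.
#include <stdint.h>
#include <stddef.h>

typedef int (*handler_t)(int);

static int add_one(int x) { return x + 1; }
static int twice(int x)   { return 2 * x; }

#define MAX_TARGETS 8

// token -> real target. In a real deployment this would sit in the isolated
// code region; here it is a plain static array (assumption).
static struct { uint64_t token; handler_t target; } remap[MAX_TARGETS];
static size_t remap_count;

// splitmix64: deterministic generator so the example is reproducible.
// Assumption for the demo only; real remapping would draw from a CSPRNG.
static uint64_t next_token(uint64_t *state) {
    uint64_t z = (*state += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

// Register a code pointer and return the random token that replaces it in
// writable data. Returns 0 when the table is full (0 is reserved as "none").
uint64_t remap_pointer(handler_t fn, uint64_t *state) {
    if (remap_count >= MAX_TARGETS) return 0;
    uint64_t tok = next_token(state);
    if (tok == 0) tok = next_token(state);   // keep 0 reserved
    remap[remap_count].token  = tok;
    remap[remap_count].target = fn;
    remap_count++;
    return tok;
}

// Indirect call site: translate the token and call the real target. A token
// that is not in the table (for example a guessed or corrupted value) is
// rejected rather than dereferenced; *ok reports whether the call happened.
int dispatch(uint64_t tok, int arg, int *ok) {
    for (size_t i = 0; i < remap_count; i++) {
        if (remap[i].token == tok) { *ok = 1; return remap[i].target(arg); }
    }
    *ok = 0;
    return 0;
}
```

Because the table is searched linearly, the model shows the semantics only; a real implementation would resolve tokens through a trampoline or hash lookup to keep the call path cheap.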