Accession Number : AD1033825


Title : Hide and Seek: Exploiting and Hardening Leakage-Resilient Code Randomization


Descriptive Note : Technical Report


Corporate Author : MIT Lincoln Laboratory Lexington United States


Personal Author(s) : Okhravi,Hamed ; Rudd,Robert A ; Bigelow,David ; Skowyra,Richard W ; Dedhia,Veer S ; Hobson,Thomas ; Crane,Stephen ; Liebchen,Christopher ; Larsen,Per ; Davi,Lucas ; Franz,Michael ; Sadeghi,Ahmad-Reza


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/1033825.pdf


Report Date : 30 Mar 2016


Pagination or Media Count : 19


Abstract : Information leakage vulnerabilities can allow adversaries to bypass mitigations based on code randomization. This discovery motivates numerous techniques that diminish direct and indirect information leakage: (i) execute-only permissions on memory accesses, (ii) code pointer hiding (e.g., indirection or encryption), and (iii) decoys (e.g., booby traps). Among the proposed leakage-resilient defenses, Readactor is the most comprehensive solution that combines all these techniques. In this paper, we conduct a systematic analysis of recently proposed execute-only randomization solutions, including Readactor, and demonstrate a new class of attacks that bypasses them generically, highlighting their limitations. We analyze the prevalence of opportunities for such attacks in popular code bases and build three real-world exploits to demonstrate their practicality. We then implement and evaluate a new defense against our attacks. Our evaluation shows that our new technique is practical and adds little additional performance overhead (9.7% vs. 6.4%).


Descriptors : computer programming , object oriented programming , relational database management systems , cryptography , procedural programming language , malware


Subject Categories : Computer Systems Management and Standards


Distribution Statement : APPROVED FOR PUBLIC RELEASE