Accession Number:
AD1033699
Title:
Hide and Seek: Exploiting and Hardening Leakage-Resilient Code Randomization
Descriptive Note:
Technical Report
Corporate Author:
MIT Lincoln Laboratory Lexington United States
Personal Author(s):
Report Date:
2016-05-30
Pagination or Media Count:
18.0
Abstract:
Information leakage vulnerabilities can allow adversaries to bypass mitigations based on code randomization. This discovery motivates numerous techniques that diminish direct and indirect information leakage: (i) execute-only permissions on memory accesses, (ii) code pointer hiding (e.g., indirection or encryption), and (iii) decoys (e.g., booby traps). Among the proposed leakage-resilient defenses, Readactor is the most comprehensive solution that combines all these techniques. In this paper, we conduct a systematic analysis of recently proposed execute-only randomization solutions, including Readactor, and demonstrate a new class of attacks that bypasses them generically, highlighting their limitations. We analyze the prevalence of opportunities for such attacks in popular code bases and build three real-world exploits to demonstrate their practicality. We then implement and evaluate a new defense against our attacks. Our evaluation shows that our new technique is practical and adds little additional performance overhead (9.7% vs. 6.4%).
Descriptors:
Subject Categories:
- Computer Programming and Software