ASLR-guard: Stopping address space leakage for code reuse attacks

Kangjie Lu, Chengyu Song, Byoungyoung Lee, Simon P. Chung, Taesoo Kim, Wenke Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

57 Scopus citations

Abstract

A general prerequisite for a code reuse attack is that the attacker needs to locate code gadgets that perform the desired operations and then direct the control flow of a vulnerable application to those gadgets. Address Space Layout Randomization (ASLR) attempts to stop code reuse attacks by making the first part of the prerequisite unsatisfiable. However, research in recent years has shown that this protection is often defeated by commonly existing information leaks, which provides attackers clues about the whereabouts of certain code gadgets. In this paper, we present ASLR-GUARD, a novel mechanism that completely prevents the leaks of code pointers, and render other information leaks (e.g., the ones of data pointers) useless in deriving code address. The main idea behind ASLR-GUARD is to render leak of data pointer useless in deriving code address by separating code and data, provide a secure storage for code pointers, and encode the code pointers when they are treated as data. ASLR-GUARD can either prevent code pointer leaks or render their leaks harmless. That is, ASLR-GUARD makes it impossible to overwrite code pointers with values that point to or will hijack the control flow to a desired address when the code pointers are dereferenced. We have implemented a prototype of ASLR-GUARD, including a compilation toolchain and a C/C++ runtime. Our evaluation results show that (1) ASLR-GUARD supports normal operations correctly; (2) it completely stops code address leaks and can resist against recent sophisticated attacks; (3) it imposes almost no runtime overhead (< 1%) for C/C++ programs in the SPEC benchmark. Therefore, ASLR-GUARD is very practical and can be applied to secure many applications.

Original languageEnglish (US)
Title of host publicationCCS 2015 - Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery
Pages280-291
Number of pages12
ISBN (Electronic)9781450338325
DOIs
StatePublished - Oct 12 2015
Event22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015 - Denver, United States
Duration: Oct 12 2015Oct 16 2015

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
Volume2015-October
ISSN (Print)1543-7221

Other

Other22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015
CountryUnited States
CityDenver
Period10/12/1510/16/15

Bibliographical note

Funding Information:
We thank TieleiWang, Laszlo Szekeres, Per Larsen and the anonymous reviewers for their helpful feedback, as well as our operations staff for their proofreading efforts. This research was supported by the NSF award CNS-1017265, CNS-0831300, CNS-1149051 and DGE-1500084, by the ONR under grant N000140911042 and N000141512162, by the DHS under contract N66001-12-C-0133, by the United States Air Force under contract FA8650-10-C-7025, by the DARPA Transparent Computing program under contract DARPA-15-15-TC-FP-006, and by the ETRI MSIP/IITP[B0101-15- 0644].

Keywords

  • ASLR
  • Code reuse attack
  • Information leak
  • Randomization

Fingerprint Dive into the research topics of 'ASLR-guard: Stopping address space leakage for code reuse attacks'. Together they form a unique fingerprint.

Cite this