Oxymoron: Making Fine-Grained Memory Randomization Practical by Allowing Code Sharing

The latest effective defense against code reuse attacks is fine-grained, per-process memory randomization. However, such process randomization prevents code sharing since there is no longer any identical code to share between processes. Without shared libraries, however, tremendous memory savings are forfeit. This drawback may hinder the adoption of fine-grained memory randomization. We present Oxymoron, a secure fine-grained memory randomization technique on a per-process level that does not interfere with code sharing. Executables and libraries built with Oxymoron feature 'memory-layout-agnostic code', which runs on a commodity Linux. Our theoretical and practical evaluations show that Oxymoron is the first solution to be secure against just-in-time code reuse attacks and demonstrate that fine-grained memory randomization is feasible without forfeiting the enormous memory savings of shared libraries.

[1]  Cristiano Giuffrida,et al.  Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization , 2012, USENIX Security Symposium.

[2]  Derek Bruening,et al.  Efficient, transparent, and comprehensive runtime code manipulation , 2004 .

[3]  Kevin W. Hamlen,et al.  Binary stirring: self-randomizing instruction addresses of legacy x86 binary code , 2012, CCS.

[4]  Hovav Shacham,et al.  On the effectiveness of address-space randomization , 2004, CCS '04.

[5]  Steve J. Chapin,et al.  Address-space layout randomization using code islands , 2009, J. Comput. Secur..

[6]  Ahmad-Reza Sadeghi,et al.  Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization , 2013, 2013 IEEE Symposium on Security and Privacy.

[7]  Ahmad-Reza Sadeghi,et al.  MoCFI: A Framework to Mitigate Control-Flow Attacks on Smartphones , 2012, NDSS.

[8]  Michael Franz,et al.  Compiler-Generated Software Diversity , 2011, Moving Target Defense.

[9]  Xuxian Jiang,et al.  On the Expressiveness of Return-into-libc Attacks , 2011, RAID.

[10]  Frederick B. Cohen,et al.  Operating system protection through program evolution , 1993, Comput. Secur..

[11]  Hovav Shacham,et al.  The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86) , 2007, CCS '07.

[12]  Mathias Payer,et al.  Control-Flow Integrity , 2017, ACM Comput. Surv..

[13]  Herbert Bos,et al.  Memory Errors: The Past, the Present, and the Future , 2012, RAID.

[14]  Amitabh Srivastava,et al.  Analysis Tools , 2019, Public Transportation Systems.

[15]  Martín Abadi,et al.  Control-flow integrity , 2005, CCS '05.

[16]  Daniel C. DuVarney,et al.  Efficient Techniques for Comprehensive Protection from Memory Error Exploits , 2005, USENIX Security Symposium.

[17]  Emery D. Berger,et al.  STABILIZER: statistically sound performance evaluation , 2013, ASPLOS '13.

[18]  Ahmad-Reza Sadeghi,et al.  Gadge me if you can: secure and efficient ad-hoc instruction-level randomization for x86 and ARM , 2013, ASIA CCS '13.

[19]  Jack W. Davidson,et al.  ILR: Where'd My Gadgets Go? , 2012, 2012 IEEE Symposium on Security and Privacy.

[20]  Michael Franz,et al.  E unibus pluram: massive-scale software diversity as a defense mechanism , 2010, NSPW '10.

[21]  Peng Ning,et al.  Address Space Layout Permutation (ASLP): Towards Fine-Grained Randomization of Commodity Software , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[22]  Angelos D. Keromytis,et al.  Smashing the Gadgets: Hindering Return-Oriented Programming Using In-place Code Randomization , 2012, 2012 IEEE Symposium on Security and Privacy.

[23]  Koen De Bosschere,et al.  Link-time binary rewriting techniques for program compaction , 2005, TOPL.