ELFbac: Using the Loader Format for Intent-Level Semantics and Fine-Grained Protection

Adversaries get software to do bad things by rewriting memory and changing control flow. Current approaches to protecting against these attacks leave many exposures; for example, OS-level filesystem protection and OS/architecture support of the userspace/kernelspace distinction fail to prevent corrupted userspace code from changing userspace data. In this paper we present a new approach: using the ELF/ABI sections already produced by the standard binary toolchain to define, specify, and enforce fine-grained policy within an application's address space. We experimentally show that enforcement of such policies would stop a large body of current attacks and discuss ways we could extend existing architecture to more efficiently provide such enforcement. Our approach is designed to work with existing ELF executables and the GNU build chain, but it can be extended into the compiler toolchains to support code annotations that take advantage of ELFbac enforcement, while maintaining full compatibility with the existing ELF ABI.
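The abstract's central claim is that the section table the linker already emits carries enough intent to drive an intra-address-space policy. The following Python is an added example written for this page, not code from the ELFbac paper or its authors: it constructs a minimal ELF64 image with a few sections (sample input, not a real compiled binary), parses the section header table with the layouts from <elf.h>, derives the baseline permissions that sh_flags already state, and then layers a hypothetical intent table on top that says which code section may touch which data section. The section names (.text.parser, .rodata.keys, etc.), the INTENT_POLICY notation and the check_access helper are this example's assumptions; the paper's own policy language and enforcement mechanism are not reproduced here.

```python
import struct

# ELF64 section-header constants, as defined in <elf.h>.
SHT_PROGBITS, SHT_STRTAB, SHT_NOBITS = 1, 3, 8
SHF_WRITE, SHF_ALLOC, SHF_EXECINSTR = 0x1, 0x2, 0x4
EHDR_FMT = "<16sHHIQQQIHHHHHH"   # Elf64_Ehdr, little-endian
SHDR_FMT = "<IIQQQQIIQQ"         # Elf64_Shdr
EHDR_SIZE = struct.calcsize(EHDR_FMT)   # 64
SHDR_SIZE = struct.calcsize(SHDR_FMT)   # 64

# Constructed sample layout (hypothetical): two code sections and three data
# sections, the kind of split a build could produce with section attributes.
SAMPLE_SECTIONS = [
    # name          sh_type       sh_flags                   sh_addr   contents
    (".text.parser", SHT_PROGBITS, SHF_ALLOC | SHF_EXECINSTR, 0x401000, b"\x48\x31\xc0\xc3"),
    (".text.crypto", SHT_PROGBITS, SHF_ALLOC | SHF_EXECINSTR, 0x402000, b"\x48\x31\xc0\xc3"),
    (".rodata.keys", SHT_PROGBITS, SHF_ALLOC,                 0x403000, b"K" * 16),
    (".data.input",  SHT_PROGBITS, SHF_ALLOC | SHF_WRITE,     0x404000, b"\0" * 32),
    (".bss.scratch", SHT_NOBITS,   SHF_ALLOC | SHF_WRITE,     0x405000, b"\0" * 64),
]

def build_elf(sections=SAMPLE_SECTIONS):
    """Emit a minimal ELF64 image: header, section contents, .shstrtab, section header table."""
    shstrtab, name_off = b"\0", {}
    for name in [s[0] for s in sections] + [".shstrtab"]:
        name_off[name] = len(shstrtab)
        shstrtab += name.encode() + b"\0"
    body, shdrs = b"", [bytes(SHDR_SIZE)]          # index 0 is the mandatory null entry
    for name, typ, flags, addr, data in sections:
        off = EHDR_SIZE + len(body)
        if typ != SHT_NOBITS:                      # NOBITS sections occupy no file bytes
            body += data
        shdrs.append(struct.pack(SHDR_FMT, name_off[name], typ, flags, addr, off, len(data), 0, 0, 16, 0))
    off = EHDR_SIZE + len(body)
    body += shstrtab
    shdrs.append(struct.pack(SHDR_FMT, name_off[".shstrtab"], SHT_STRTAB, 0, 0, off, len(shstrtab), 0, 0, 1, 0))
    shoff = EHDR_SIZE + len(body)
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # ELFCLASS64, ELFDATA2LSB, EV_CURRENT
    ehdr = struct.pack(EHDR_FMT, ident, 2, 62, 1, 0x401000, 0, shoff, 0,
                       EHDR_SIZE, 0, 0, SHDR_SIZE, len(shdrs), len(shdrs) - 1)
    return ehdr + body + b"".join(shdrs)

def parse_sections(image):
    """Return {name: (sh_type, sh_flags, sh_addr, sh_size)} from the section header table."""
    eh = struct.unpack_from(EHDR_FMT, image, 0)
    if eh[0][:4] != b"\x7fELF" or eh[0][4] != 2:
        raise ValueError("not an ELF64 image")
    shoff, shentsize, shnum, shstrndx = eh[6], eh[11], eh[12], eh[13]
    raw = [struct.unpack_from(SHDR_FMT, image, shoff + i * shentsize) for i in range(shnum)]
    strtab_off = raw[shstrndx][4]                  # sh_offset of .shstrtab
    def name_at(idx):
        end = image.index(b"\0", strtab_off + idx)
        return image[strtab_off + idx:end].decode()
    return {name_at(s[0]): (s[1], s[2], s[3], s[5]) for s in raw[1:]}

def section_for(sections, addr):
    """Map a runtime address back to the allocated section that contains it."""
    for name, (_, flags, base, size) in sections.items():
        if flags & SHF_ALLOC and base <= addr < base + size:
            return name
    return None

def baseline_policy(sections):
    """Permissions the toolchain already states per section via sh_flags (the W^X-style baseline)."""
    pol = {}
    for name, (_, flags, _, _) in sections.items():
        if not flags & SHF_ALLOC:
            continue                               # not mapped at run time (.shstrtab etc.)
        ops = {"read"}
        if flags & SHF_WRITE:
            ops.add("write")
        if flags & SHF_EXECINSTR:
            ops.add("exec")
        pol[name] = ops
    return pol

# Hypothetical intent-level policy in the ELFbac spirit: which code section may touch
# which data section. This notation is the example's, not the paper's policy language.
INTENT_POLICY = {
    ".text.parser": {".data.input": {"read", "write"}, ".bss.scratch": {"read", "write"}},
    ".text.crypto": {".rodata.keys": {"read"}, ".bss.scratch": {"read", "write"}},
}

def check_access(baseline, intent, code_section, target, op):
    """Allow only if sh_flags permit `op` on `target` AND code in `code_section` declared
    the intent to do it. Returns (allowed, reason)."""
    if target not in baseline:
        return False, "target is not an allocated section"
    if op not in baseline[target]:
        return False, f"{target} lacks {op} in sh_flags"
    if op not in intent.get(code_section, {}).get(target, set()):
        return False, f"{code_section} has no intent to {op} {target}"
    return True, "ok"

if __name__ == "__main__":
    secs = parse_sections(build_elf())
    base = baseline_policy(secs)
    for code, tgt, op in [(".text.parser", ".data.input", "write"),
                          (".text.parser", ".rodata.keys", "read"),
                          (".text.crypto", ".rodata.keys", "write")]:
        print(f"{code} {op} {tgt}: {check_access(base, INTENT_POLICY, code, tgt, op)}")
```

The second query is the one the abstract is about: a read of .rodata.keys from .text.parser is perfectly legal under page-table permissions (the section is ALLOC and readable), so a parser bug that leaks memory would succeed under ordinary OS protection, but it is denied by the intent table because the parser never declared any relationship with the key material. The third query shows the baseline still applies first: no code section can write a section that the linker did not mark SHF_WRITE.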
