Transparent runtime randomization for security

A large class of security attacks exploit software implementation vulnerabilities such as unchecked buffers. This paper proposes transparent runtime randomization (TRR), a generalized approach for protecting against a wide range of security attacks. TRR dynamically and randomly relocates a program's stack, heap, shared libraries, and parts of its runtime control data structures inside the application memory address space. Making a program's memory layout different each time it runs foils the attacker's assumptions about the memory layout of the vulnerable program and makes the determination of critical address values difficult if not impossible. TRR is implemented by changing the Linux dynamic program loader, hence it is transparent to applications. We demonstrate that TRR is effective in defeating real security attacks, including malloc-based heap overflow, integer overflow, and double-free attacks, for which effective prevention mechanisms are yet to emerge. Furthermore, TRR incurs less than 9% program startup overhead and no runtime overhead.
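The abstract names the regions TRR relocates on every run: the stack, the heap and the shared libraries. A defender who wants to confirm that such randomization is actually in effect can compare `/proc/<pid>/maps` dumps from several runs of the same program and see which region bases move. The script below does that; it is an added example, not code from the paper or its loader modification, and the three maps dumps it analyses are constructed (old-style 32-bit Linux layouts) rather than captured from a real process.

```python
"""Check which memory regions change base address between runs of a program.

Added example, not from the paper. parse_maps() reads one /proc/<pid>/maps
dump; randomized_regions() counts distinct bases per region across dumps;
static_regions() lists the regions TRR relocates that did NOT move.
"""
import re
from collections import defaultdict

# address range, perms, offset, dev, inode, then an optional path or [name]
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S+)\s+\S+\s+\S+\s+\S+\s*(.*)$"
)


def parse_maps(text):
    """Return {region_name: lowest start address} for one maps dump.

    Region names are "[stack]", "[heap]" or the basename of a mapped file
    (e.g. "libc.so.6"). Anonymous mappings without a name are ignored.
    """
    bases = {}
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue
        start = int(m.group(1), 16)
        path = m.group(4).strip()
        if not path:
            continue
        name = path if path.startswith("[") else path.rsplit("/", 1)[-1]
        bases[name] = min(start, bases.get(name, start))
    return bases


def randomized_regions(dumps):
    """Given maps dumps from several runs, return {region: distinct base count}.

    A count of 1 means the region sat at the same address in every run.
    """
    seen = defaultdict(set)
    for dump in dumps:
        for name, base in parse_maps(dump).items():
            seen[name].add(base)
    return {name: len(addrs) for name, addrs in seen.items()}


def static_regions(dumps, expected=("[stack]", "[heap]", "libc.so.6")):
    """Regions that a TRR-style loader should relocate but that never moved."""
    counts = randomized_regions(dumps)
    return [r for r in expected if counts.get(r, 0) <= 1]


# Constructed sample dumps (not captured): stack and libc move between runs,
# the heap does not, so the check should flag the heap as static.
RUN1 = """\
08048000-0804c000 r-xp 00000000 03:01 12345      /usr/bin/prog
0804c000-0804d000 rw-p 00003000 03:01 12345      /usr/bin/prog
08050000-08071000 rw-p 00000000 00:00 0          [heap]
40020000-40140000 r-xp 00000000 03:01 67890      /lib/libc.so.6
40140000-40143000 rw-p 00000000 00:00 0
bfee0000-bff00000 rw-p 00000000 00:00 0          [stack]
"""
RUN2 = """\
08048000-0804c000 r-xp 00000000 03:01 12345      /usr/bin/prog
0804c000-0804d000 rw-p 00003000 03:01 12345      /usr/bin/prog
08050000-08071000 rw-p 00000000 00:00 0          [heap]
40170000-40290000 r-xp 00000000 03:01 67890      /lib/libc.so.6
bfe20000-bfe40000 rw-p 00000000 00:00 0          [stack]
"""
RUN3 = """\
08048000-0804c000 r-xp 00000000 03:01 12345      /usr/bin/prog
0804c000-0804d000 rw-p 00003000 03:01 12345      /usr/bin/prog
08050000-08071000 rw-p 00000000 00:00 0          [heap]
400a0000-401c0000 r-xp 00000000 03:01 67890      /lib/libc.so.6
bfd60000-bfd80000 rw-p 00000000 00:00 0          [stack]
"""
ALL_RUNS = [RUN1, RUN2, RUN3]

if __name__ == "__main__":
    for region, count in sorted(randomized_regions(ALL_RUNS).items()):
        print(f"{region:12s} distinct bases across {len(ALL_RUNS)} runs: {count}")
    print("regions that never moved:", static_regions(ALL_RUNS))
```

On a real Linux host the same functions can be fed `open('/proc/self/maps').read()` from repeated invocations of the program under test; the constructed dumps above are only there so the check runs offline. The region list in `static_regions` is an assumption taken from the abstract (stack, heap, shared libraries); the control data structures the paper also relocates are not visible in a maps dump and are not checked here.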
