NORAX: Enabling Execute-Only Memory for COTS Binaries on AArch64

Authors: Yaohui Chen, Dongli Zhang, Ruowen Wang, Rui Qiao, Ahmed M. Azab

DOI: 10.1109/SP.2017.30

Keywords: Memory footprint, Code reuse, Debugging, Address space layout randomization, Compiler, Embedded system, Computer science, Source code

Abstract: Code reuse attacks exploiting memory disclosure vulnerabilities can bypass all deployed mitigations. One promising defense against this class of attacks is to enable execute-only memory (XOM) protection on top of fine-grained address space layout randomization (ASLR). However, recent works implementing XOM, despite their efficacy, only protect programs that have been (re)built with new compiler support, leaving commercial-off-the-shelf (COTS) binaries and source-unavailable programs unprotected. We present the design and implementation of NORAX, a practical system that retrofits XOM into stripped COTS binaries on AArch64 platforms. Unlike previous techniques, NORAX requires neither source code nor debugging symbols. NORAX statically transforms existing binaries so that during runtime their code sections can be loaded into execute-only memory pages, with embedded data relocated and references to it properly updated. This allows transformed binaries to leverage the hardware-based XOM support, a feature widely available on AArch64 platforms (e.g., recent mobile devices) yet virtually unused due to the incompatibility of existing binaries. Furthermore, NORAX is designed to co-exist with other binary hardening techniques such as in-place randomization (IPR). We apply NORAX to commonly used Android system binaries running on SAMSUNG Galaxy S6 and LG Nexus 5X devices. The results show that NORAX on average slows down execution by 1.18% and increases memory footprint by 2.21%, suggesting its practicality for real-world adoption.
