Annual Computer Security Applications Conference (ACSAC) 2012

Full Program »

Code Shredding: Byte-Granular Randomization of Program Layout for Detecting Code-Reuse Attacks

Paper
View File
pdf
390KB

Eitaro Shioji
NTT Corporation
Japan

Yuhei Kawakoya
NTT Corporation
Japan

Makoto Iwamura
NTT Corporation
Japan

Takeo Hariu
NTT Corporation
Japan

Abstract:
Code-reuse attacks by corrupting memory address pointers have been a major threat of software for many years. There have been numerous defenses proposed for countering these threats, but majority of them impose strict restrictions on software deployment such as requiring recompilation with a custom compiler, or causing integrity problems due to program modification. One notable exception is ASLR(address space layout randomization) which is a widespread defense free of such burdens, but is also known to be penetrated by a class of attacks that takes advantage of its coarse randomization granularity. Focusing on minimizing randomization granularity while also possessing these advantages of ASLR to the greatest extent, we propose a novel defensive approach called code shredding: a defensive scheme based on the idea of embedding checksum value of a memory address as a part of itself. Its simple yet effective approach hinders designation of specific address used in code-reuse attacks, by giving attackers an illusion of program code that is shredded into pieces at byte granularity and are dispersed randomly over memory space. We have designed and implemented a proof-of-concept prototype system for the Windows platform and conducted several experiments to confirm its feasibility and performance overheads.

 

Powered by OpenConf®
Copyright ©2002-2012 Zakon Group LLC