Annual Computer Security Applications Conference (ACSAC) 2012

Full Program »

Code Shredding: Byte-Granular Randomization of Program Layout for Detecting Code-Reuse Attacks

Code-reuse attacks by corrupting memory address pointers have been a major threat of software for many years. There have been numerous defenses proposed for countering these threats, but majority of them impose strict restrictions on software deployment such as requiring recompilation with a custom compiler, or causing integrity problems due to program modification. One notable exception is ASLR(address space layout randomization) which is a widespread defense free of such burdens, but is also known to be penetrated by a class of attacks that takes advantage of its coarse randomization granularity. Focusing on minimizing randomization granularity while also possessing these advantages of ASLR to the greatest extent, we propose a novel defensive approach called code shredding: a defensive scheme based on the idea of embedding checksum value of a memory address as a part of itself. Its simple yet effective approach hinders designation of specific address used in code-reuse attacks, by giving attackers an illusion of program code that is shredded into pieces at byte granularity and are dispersed randomly over memory space. We have designed and implemented a proof-of-concept prototype system for the Windows platform and conducted several experiments to confirm its feasibility and performance overheads.

Author(s):

Eitaro Shioji    
NTT Corporation
Japan

Yuhei Kawakoya    
NTT Corporation
Japan

Makoto Iwamura    
NTT Corporation
Japan

Takeo Hariu    
NTT Corporation
Japan

 

Powered by OpenConf®
Copyright©2002-2014 Zakon Group LLC