A Practical Approach for Adaptive Data Structure Layout Randomization
نویسندگان
چکیده
Attackers often corrupt data structures to compromise software systems. As a countermeasure, data structure layout randomization has been proposed. Unfortunately, existing techniques require manual designation of randomize-able data structures without guaranteeing the correctness and keep the layout unchanged at runtime. We present a system, called SALADS, that automatically translates a program to a DSSR (Data Structure Self-Randomizing) program. At runtime, a DSSR program dynamically randomizes the layout of each security-sensitive data structure by itself autonomously. DSSR programs regularly re-randomize a data structure when it has been accessed several times after last randomization. More importantly, DSSR programs automatically determine the randomizability of instances and randomize each instance independently. We have implemented SALADS based on gcc-4.5.0 and generated DSSR user-level applications, OS kernels, and hypervisors. Our experiments show that the DSSR programs can defeat a wide range of attacks with reasonable performance overhead.
منابع مشابه
Study on implementation of one-piece lean line design using simulation techniques: A practical approach
This paper discusses the simulation study carried out for proposing one-piece lean line layout with features of Lean Manufacturing. The lean initiatives that can be addressed are, introducing Kanban replenishment sys-tem, better work-in-process, changing the layout, visual management techniques, standardized work for the re-duction of cycle time, number of workers, number of setups. To improve ...
متن کاملLayout Randomization and Nondeterminism
In security, layout randomization is a popular, effective attack mitigation technique. Recent work has aimed to explain it rigorously, focusing on deterministic systems. In this paper, we study layout randomization in the presence of nondeterministic choice. We develop a semantic approach based on denotational models and simulation relations. This approach abstracts from language details, and h...
متن کاملDocument Content Layout Based Exploit Protections
Malware laden documents are a common exploit vector, especially in targeted attacks. Most current approaches seek to detect the malicious attributes of documents whether through signature matching, dynamic analysis, or machine learning. We take a different approach: we perform transformations on documents that render exploits inoperable while maintaining the visual interpretation of the documen...
متن کاملImproving the Performance of Route Control
Multihomed subscribers are increasingly adopting intelligent route control solutions to optimize the cost and end-to-end performance of the traffic routed among the different links connecting their networks to the Internet. Until recently, IRC practices were not considered adverse, but new studies show that in a competitive environment, they can lead to persistent traffic oscillations, causing ...
متن کاملStack Layout Randomization with Minimal Rewriting of Android Binaries
Stack-based attacks typically require that attackers have a good understanding of the stack layout of the victim program. In this paper, we leverage specific features on ARM architecture and propose a practical technique that introduces randomness to the stack layout when an Android application executes. We employ minimal binary rewriting on the Android app that produces randomized executable o...
متن کامل