Oxymoron: Making Fine-Grained Memory Randomization Practical by Allowing Code Sharing
Authors
Abstract
The latest effective defense against code reuse attacks is fine-grained, per-process memory randomization. However, such process randomization prevents code sharing since there is no longer any identical code to share between processes. Without shared libraries, however, tremendous memory savings are forfeit. This drawback may hinder the adoption of fine-grained memory randomization. We present Oxymoron, a secure fine-grained memory randomization technique on a per-process level that does not interfere with code sharing. Executables and libraries built with Oxymoron feature ‘memory-layout-agnostic code’, which runs on a commodity Linux. Our theoretical and practical evaluations show that Oxymoron is the first solution to be secure against just-in-time code reuse attacks and demonstrate that fine-grained memory randomization is feasible without forfeiting the enormous memory savings of shared libraries.
Similar resources
Runtime Code Reuse Attacks: A Dynamic Framework Bypassing Fine-Grained Address Space Layout Randomization
Fine-grained address space layout randomization has recently been proposed as a method of efficiently mitigating ROP attacks. In this paper, we introduce a design and implementation of a framework based on a runtime strategy that undermines the benefits of fine-grained ASLR. Specifically, we abuse a memory disclosure to map an application’s memory layout on-the-fly, dynamically discover gadgets...
Isomeron: Code Randomization Resilient to (Just-In-Time) Return-Oriented Programming
Until recently, it was widely believed that code randomization (such as fine-grained ASLR) can effectively mitigate code reuse attacks. However, a recent attack strategy, dubbed just-in-time return oriented programming (JIT-ROP), circumvents code randomization by disclosing the (randomized) content of many memory pages at runtime. In order to remedy this situation, new and improved code randomi...
Opaque Control-Flow Integrity
A new binary software randomization and Control-Flow Integrity (CFI) enforcement system is presented, which is the first to efficiently resist code-reuse attacks launched by informed adversaries who possess full knowledge of the in-memory code layout of victim programs. The defense mitigates a recent wave of implementation disclosure attacks, by which adversaries can exfiltrate in-memory code det...
Support for Fine Grained Dependent Tasks in OpenMP
OpenMP is widely used for shared memory parallel programming and is especially useful for the parallelisation of loops. When it comes to task parallelism, however, OpenMP is less powerful and the sections construct lacks support for dependences and fine grained tasks. This paper proposes a new work-sharing construct, tasks, which is a generalisation of sections. It goes beyond sections by allow...
Run-Time Support for Distributed Sharing in Typed Languages
We present a new run-time system for typed programming languages that supports object sharing in a distributed system. The key insight in this system is that the ability to distinguish pointers from data at run-time enables efficient and transparent sharing of data with both fine-grained and coarse-grained access patterns. In contrast, conventional distributed shared memory (DSM) systems that s...