Aggrandizing the beast's limbs: patulous code reuse attack on ARM architecture

Authors

  • F. Aminmansour Department of Computer Engineering and Information Technology, Amirkabir University of Technology, Tehran, Iran
  • H. Shahriari Department of Computer Engineering and Information Technology, Amirkabir University of Technology, Tehran, Iran
Abstract:

Since smartphones are usually personal devices full of private information, they are a popular target for a wide variety of real-world attacks such as the Code Reuse Attack (CRA). CRAs enable attackers to execute arbitrary algorithms on a device without injecting executable code. Since the standard platform for mobile devices is the ARM architecture, we concentrate on available ARM-based CRAs. Currently, three types of CRA have been proposed on the ARM architecture, namely Return2ZP, ROP, and BLX-attack, corresponding to the three sub-models available on x86: Ret2Libc, ROP, and JOP. In this paper, we consider some unique aspects of the ARM architecture to provide a general model for code reuse attacks called Patulous Code Reuse Attack (PCRA). Our attack applies all available machine instructions that change the Program Counter (PC), as well as direct or indirect branches, in order to deploy the principles of the CRA convention. We demonstrate the effectiveness of our approach by defining five different sub-models of PCRA, explaining the algorithm for finding PCRA gadgets, introducing a useful set of gadgets, and providing a sample proof-of-concept exploit on the Android 4.4 platform.


similar resources

Architecture-driven Reuse of Code in KASE

In order to support the synthesis of large, complex software systems, we need to focus on issues pertaining to the architectural design of a system in addition to algorithm and data structure design. In this paper, we present an approach that is based on abstracting the architectural design of a set of problems in the form of a generic architecture, and providing tools that can be used to inst...


Assessing the Attack Surface Reduction in Executables for an Advanced Code Reuse Attack

Nowadays control-flow hijacking attacks represent the highest software-based security threat [16]. For this reason we want to develop a tool that can assess the attack surface reduction (Q: Which useful code parts for an attack are still available after a hardening policy was applied to an executable?) w.r.t. the attack dubbed Counterfeit Object-Oriented Programming (COOP) [8]. This attack is ...


Instantly Obsoleting the Address-code Associations: A New Principle for Defending Advanced Code Reuse Attack

Fine-grained Address Space Randomization has been considered as an effective protection against code reuse attacks such as ROP/JOP. However, it only employs a one-time randomization, and such a limitation has been exploited by recent just-in-time ROP and side channel ROP, which collect gadgets on-the-fly and dynamically compile them for malicious purposes. To defeat these advanced code reuse at...


Inheritance: from code reuse to reasoning reuse

In the Object-Oriented approach a designer can, given an existing base class, use inheritance to build a derived class that extends, or that slightly differs from the base class. But in order to exploit the full potential of inheritance to build systems incrementally, the designer must also be able to reason about the derived class incrementally. This paper presents a specification notation and...


A Choices Hypervisor on the ARM architecture

Choices is an object oriented operating system that runs on the x86 and ARM architectures. The aim of this project is to build a hypervisor using Choices on the ARM architecture. In this project we aim to build a hypervisor on the QEMU emulator emulating the ARM7 architecture using a VMX approach. We have selected as guest operating system a small Linux image. The primary goal of the system is ...


The ARM Architecture

ARM is a 32-bit RISC processor architecture currently being developed by the ARM corporation. The business model behind ARM is based on licensing the ARM architecture to companies that want to manufacture ARM-based CPUs or system-on-a-chip products. The two main types of licenses are the Implementation license and the Architecture license. The Implementation license provides complete informa...




Journal title

volume 8, issue 1

pages 39-52

publication date 2016-01-23
