UBC Theses and Dissertations
Binary shuffling: defeating memory disclosure attacks through re-randomization. Williams-King, David
Software that is in use and under development today still contains as many bugs as ever. These bugs are often exploitable by attackers using advanced techniques such as Return-Oriented Programming (ROP), where pieces of legitimate code are stitched together to form a malicious exploit. One class of defenses against these attacks is Address-Space Layout Randomization (ASLR), which randomly selects the base addresses of legitimate code. However, it has recently been shown that this randomization can be unravelled with memory disclosure attacks, which divulge the contents of memory at a given address. In this work, we strengthen code randomization against memory disclosure attacks, in order to make it a viable defense in the face of Return-Oriented Programming. We propose a technique called binary shuffling, which dynamically re-randomizes the position of code blocks at runtime. While a memory disclosure may reveal the contents of a memory address (thus unravelling the randomization), this information is only valid for a very short time. Our system, called Shuffler, operates on program binaries without access to source code, and can re-randomize the position of all code in a program in as little as ten milliseconds. We show that this is fast enough to defeat any attempt at Return-Oriented Programming, even when armed with a memory disclosure attack. Shuffler adds only 10 to 21% overhead on average, making it a viable defense against these types of attack.
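The abstract's argument rests on timing: a leaked code address is only useful to an attacker for as long as the layout it describes still exists. The following toy simulation, added here as an illustration and not code from the thesis or the Shuffler system, models a code segment of relocatable blocks, re-randomizes it on a fixed period (10 ms, the figure quoted above), and measures how often an address obtained by a memory disclosure still points at the block it was taken from by the time it is used. The segment base, block size, slot count and block names are constructed assumptions; the shuffle period and the disclosure-to-use latency are parameters.

```python
"""
Toy model of binary shuffling (constructed example, not the Shuffler code base).

Code is a set of fixed-size blocks placed at random slots inside a segment.
A memory disclosure tells the attacker where one block lives *now*; each
re-randomization moves every block.  We measure how often a disclosed
address still points at the expected block when it is finally used.
"""
import random

SEGMENT_BASE = 0x400000      # assumed start of the code segment (constructed)
BLOCK_SIZE = 0x100           # assumed relocation granularity (constructed)
NUM_SLOTS = 64               # the segment holds 64 block-sized slots (constructed)
BLOCK_NAMES = ["entry", "parse", "encode", "decode", "alloc", "free", "log", "exit"]


class ShuffledLayout:
    """Relocatable code blocks whose positions are re-randomized on demand."""

    def __init__(self, rng):
        self.rng = rng
        self.generation = 0
        self.layout = {}
        self.shuffle()

    def shuffle(self):
        """Re-randomize: every block is moved to a fresh, distinct slot."""
        slots = self.rng.sample(range(NUM_SLOTS), len(BLOCK_NAMES))
        self.layout = {name: SEGMENT_BASE + s * BLOCK_SIZE
                       for name, s in zip(BLOCK_NAMES, slots)}
        self.generation += 1

    def disclose(self, name):
        """Memory disclosure: learn the *current* address of one block."""
        return self.layout[name]

    def block_at(self, addr):
        """Which block (if any) currently occupies addr."""
        for name, base in self.layout.items():
            if base <= addr < base + BLOCK_SIZE:
                return name
        return None


def disclosure_survives(layout, period_ms, latency_ms, rng):
    """
    One trial: the disclosure happens at a random phase t0 inside a shuffle
    period, and the address is used latency_ms later.  Shuffles fire at
    every multiple of period_ms.  Returns True if the address still points
    at the disclosed block at use time.
    """
    t0 = rng.uniform(0, period_ms)
    shuffles_in_between = int((t0 + latency_ms) // period_ms) - int(t0 // period_ms)
    target = "decode"
    addr = layout.disclose(target)
    for _ in range(shuffles_in_between):
        layout.shuffle()
    # After a shuffle the old address may by chance land on the same block
    # again (probability about 1/NUM_SLOTS); the model keeps that effect.
    return layout.block_at(addr) == target


def survival_rate(period_ms, latency_ms, trials=1000, seed=7):
    """Fraction of trials in which the disclosed address is still valid at use time."""
    rng = random.Random(seed)
    layout = ShuffledLayout(rng)
    hits = sum(disclosure_survives(layout, period_ms, latency_ms, rng)
               for _ in range(trials))
    return hits / trials


if __name__ == "__main__":
    for latency in (0, 2, 5, 10, 50):
        print(f"shuffle period 10 ms, disclosure-to-use {latency:>2} ms: "
              f"survival rate {survival_rate(10, latency):.3f}")
```

With no delay between disclosure and use the leaked address is always valid; once the delay reaches a full shuffle period the address is stale in every trial except the occasional chance collision. For delays shorter than the period the rate falls roughly linearly with latency/period, which is the window the abstract argues must be made shorter than any realistic disclose-then-exploit round trip.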
Attribution-NonCommercial-NoDerivs 2.5 Canada