- Library Home /
- Search Collections /
- Open Collections /
- Browse Collections /
- UBC Theses and Dissertations /
- Binary shuffling : defeating memory disclosure attacks...
Open Collections
UBC Theses and Dissertations
UBC Theses and Dissertations
Binary shuffling : defeating memory disclosure attacks through re-randomization Williams-King, David
Abstract
Software that is in use and under development today still contains as many bugs as ever. These bugs are often exploitable by attackers using advanced techniques such as Return-Oriented Programming (ROP), where pieces of legitimate code are stitched together to form a malicious exploit. One class of defenses against these attacks is Address-Space Layout Randomization (ASLR), which randomly selects the base addresses of legitimate code. However, it has recently been shown that this randomization can be unravelled with memory disclosure attacks, which divulge the contents of memory at a given address. In this work, we strengthen code randomization against memory disclosure attacks, in order to make it a viable defense in the face of Return-Oriented Programming. We propose a technique called binary shuffling, which dynamically re-randomizes the position of code blocks at runtime. While a memory disclosure may reveal the contents of a memory address (thus unravelling the randomization), this information is only valid for a very short time. Our system, called Shuffler, operates on program binaries without access to source code, and can re-randomize the position of all code in a program in as little as ten milliseconds. We show that this is fast enough to defeat any attempt at Return-Oriented Programming, even when armed with a memory disclosure attack. Shuffler adds only 10 to 21% overhead on average, making it a viable defense against these types of attack.
Item Metadata
| Title |
Binary shuffling : defeating memory disclosure attacks through re-randomization
|
| Creator | |
| Publisher |
University of British Columbia
|
| Date Issued |
2014
|
| Description |
Software that is in use and under development today still contains as many bugs as ever. These bugs are often exploitable by attackers using advanced techniques such as Return-Oriented Programming (ROP), where pieces of legitimate code are stitched together to form a malicious exploit. One class of defenses against these attacks is Address-Space Layout Randomization (ASLR), which randomly selects the base addresses of legitimate code. However, it has recently been shown that this randomization can be unravelled with memory disclosure attacks, which divulge the contents of memory at a given address. In this work, we strengthen code randomization against memory disclosure attacks, in order to make it a viable defense in the face of Return-Oriented Programming. We propose a technique called binary shuffling, which dynamically re-randomizes the position of code blocks at runtime. While a memory disclosure may reveal the contents of a memory address (thus unravelling the randomization), this information is only valid for a very short time. Our system, called Shuffler, operates on program binaries without access to source code, and can re-randomize the position of all code in a program in as little as ten milliseconds. We show that this is fast enough to defeat any attempt at Return-Oriented Programming, even when armed with a memory disclosure attack. Shuffler adds only 10 to 21% overhead on average, making it a viable defense against these types of attack.
|
| Genre | |
| Type | |
| Language |
eng
|
| Date Available |
2014-08-01
|
| Provider |
Vancouver : University of British Columbia Library
|
| Rights |
Attribution-NonCommercial-NoDerivs 2.5 Canada
|
| DOI |
10.14288/1.0167580
|
| URI | |
| Degree | |
| Program | |
| Affiliation | |
| Degree Grantor |
University of British Columbia
|
| Graduation Date |
2014-09
|
| Campus | |
| Scholarly Level |
Graduate
|
| Rights URI | |
| Aggregated Source Repository |
DSpace
|
Item Media
Item Citations and Data
Rights
Attribution-NonCommercial-NoDerivs 2.5 Canada