A general prerequisite for a code reuse attack is that the attacker needs to locate code gadgets that perform the desired operations and then direct the control flow of a vulnerable application to those gadgets. Address Space Layout Randomization (ASLR) attempts to stop code reuse attacks by making the first part of the prerequisite unsatisfiable. However, research in recent years has shown that this protection is often defeated by commonly existing information leaks, which provides attackers clues about the whereabouts of certain code gadgets. In this paper, we present ASLR-GUARD, a novel mechanism that completely prevents the leaks of code pointers, and render other information leaks (e.g., the ones of data pointers) useless in deriving code address. The main idea behind ASLR-GUARD is to render leak of data pointer useless in deriving code address by separating code and data, provide a secure storage for code pointers, and encode the code pointers when they are treated as data. ASLR-GUARD can either prevent code pointer leaks or render their leaks harmless. That is, ASLR-GUARD makes it impossible to overwrite code pointers with values that point to or will hijack the control flow to a desired address when the code pointers are dereferenced. We have implemented a prototype of ASLR-GUARD, including a compilation toolchain and a C/C++ runtime. Our evaluation results show that (1) ASLR-GUARD supports normal operations correctly; (2) it completely stops code address leaks and can resist against recent sophisticated attacks; (3) it imposes almost no runtime overhead (< 1%) for C/C++ programs in the SPEC benchmark. Therefore, ASLR-GUARD is very practical and can be applied to secure many applications.
|Original language||English (US)|
|Title of host publication||CCS 2015 - Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security|
|Publisher||Association for Computing Machinery|
|Number of pages||12|
|State||Published - Oct 12 2015|
|Event||22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015 - Denver, United States|
Duration: Oct 12 2015 → Oct 16 2015
|Name||Proceedings of the ACM Conference on Computer and Communications Security|
|Other||22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015|
|Period||10/12/15 → 10/16/15|
Bibliographical noteFunding Information:
We thank TieleiWang, Laszlo Szekeres, Per Larsen and the anonymous reviewers for their helpful feedback, as well as our operations staff for their proofreading efforts. This research was supported by the NSF award CNS-1017265, CNS-0831300, CNS-1149051 and DGE-1500084, by the ONR under grant N000140911042 and N000141512162, by the DHS under contract N66001-12-C-0133, by the United States Air Force under contract FA8650-10-C-7025, by the DARPA Transparent Computing program under contract DARPA-15-15-TC-FP-006, and by the ETRI MSIP/IITP[B0101-15- 0644].
- Code reuse attack
- Information leak