Visible to the public Breaking and Fixing Destructive Code Read Defenses

TitleBreaking and Fixing Destructive Code Read Defenses
Publication TypeConference Paper
Year of Publication2017
AuthorsPewny, Jannik, Koppe, Philipp, Davi, Lucas, Holz, Thorsten
Conference NameProceedings of the 33rd Annual Computer Security Applications Conference
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-5345-8
KeywordsCode-Reuse Attacks and Defenses, composability, Destructive Code Reads, Execute-only Memory, Human Behavior, human factors, pubcrawl, resilience, Resiliency, return oriented programming, Scalability
AbstractJust-in-time return-oriented programming (JIT-ROP) is a powerful memory corruption attack that bypasses various forms of code randomization. Execute-only memory (XOM) can potentially prevent these attacks, but requires source code. In contrast, destructive code reads (DCR) provide a trade-off between security and legacy compatibility. The common belief is that DCR provides strong protection if combined with a high-entropy code randomization. The contribution of this paper is twofold: first, we demonstrate that DCR can be bypassed regardless of the underlying code randomization scheme. To this end, we show novel, generic attacks that infer the code layout for highly randomized program code. Second, we present the design and implementation of BGDX (Byte-Granular DCR and XOM), a novel mitigation technique that protects legacy binaries against code inference attacks. BGDX enforces memory permissions on a byte-granular level allowing us to combine DCR and XOM for legacy, off-the-shelf binaries. Our evaluation shows that BGDX is not only effective, but highly efficient, imposing only a geometric mean performance overhead of 3.95 % on SPEC.
URLhttp://doi.acm.org/10.1145/3134600.3134626
DOI10.1145/3134600.3134626
Citation Keypewny_breaking_2017