| Title | AddrArmor: An Address-based Runtime Code-reuse Attack Mitigation for Shared Objects at the Binary-level |
| Publication Type | Conference Paper |
| Year of Publication | 2021 |
| Authors | Lin, Kunli, Xia, Haojun, Zhang, Kun, Tu, Bibo |
| Conference Name | 2021 IEEE Intl Conf on Parallel Distributed Processing with Applications, Big Data Cloud Computing, Sustainable Computing Communications, Social Computing Networking (ISPA/BDCloud/SocialCom/SustainCom) |
| Keywords | code-reuse attack, codes, compositionality, Hardware, Information Reuse, instrumentation, Instruments, Loading, Performance analysis, pubcrawl, Resiliency, Runtime, security |
| Abstract | The widespread adoption of DEP has made most modern attacks follow the same general steps: Attackers try to construct code-reuse attacks by using vulnerable indirect branch instructions in shared objects after successful exploits on memory vulnerabilities. In response to code-reuse attacks, researchers have proposed a large number of defenses. However, most of them require access to source code and/or specific hardware features. These limitations hinder the deployment of these defenses much.In this paper, we propose an address-based code-reuse attack mitigation for shared objects at the binary-level. We emphasize that the execution of indirect branch instruction must follow several principles we propose. More specifically, we first reconstruct function boundaries at the program's dynamic-linking stage by combining shared object's dynamic symbols with binary-level instruction analysis. We then leverage static instrumentation to hook vulnerable indirect branch instructions to a novel target address computation and validation routine. At runtime, AddrArmor will protect against code-reuse attacks based on the computed target address.Our experimental results show that AddrArmor provides a strong line of defense against code reuse attacks, and has an acceptable performance overhead of about 6.74% on average using SPEC CPU 2006. |
| DOI | 10.1109/ISPA-BDCloud-SocialCom-SustainCom52081.2021.00029 |
| Citation Key | lin_addrarmor_2021 |
AddrArmor: An Address-based Runtime Code-reuse Attack Mitigation for Shared Objects at the Binary-level