A Practical Approach for Adaptive Data Structure Layout Randomization



1 College of Information Sciences and Technology, The Pennsylvania State University, State College, USA {pzc10,jxx13,pliu}@ist.psu.edu
2 State Key Laboratory for Novel Software Technology, Department of Computer Science and Technology, Nanjing University, Nanjing, China [email protected]
3 Department of Computer Science, Purdue University, West Lafayette, USA [email protected]
4 Department of Computer Science, University of Texas at Dallas, Richardson, USA [email protected]

Abstract. Attackers often corrupt data structures to compromise software systems. As a countermeasure, data structure layout randomization has been proposed. Unfortunately, existing techniques require manual designation of randomizable data structures without guaranteeing correctness, and they keep the chosen layout unchanged at runtime. We present a system, called SALADS, that automatically translates a program into a DSSR (Data Structure Self-Randomizing) program. At runtime, a DSSR program dynamically randomizes the layout of each security-sensitive data structure on its own. DSSR programs regularly re-randomize a data structure once it has been accessed several times since its last randomization. More importantly, DSSR programs automatically determine the randomizability of instances and randomize each instance independently. We have implemented SALADS on top of gcc-4.5.0 and generated DSSR user-level applications, OS kernels, and hypervisors. Our experiments show that DSSR programs defeat a wide range of attacks with reasonable performance overhead.

1 Introduction

In programs developed in C or C++, encapsulated data objects such as struct and class are widely used to group logically related variables. Not surprisingly, these encapsulated data structures, the focus of this paper, are often the target or the aid of a wide variety of attacks. For instance, attackers often leverage knowledge about the data structures defined in a victim program to construct successful exploits against it. This is the case for both application programs and system programs (e.g., operating system kernels and virtual machine monitors). More specifically, a data structure contains a set of fields. Knowledge about a data structure's layout, namely how the fields neighbour each other inside the data structure, can be very useful to the attacker. For example, knowing the layout of accounting/book-keeping data structures, on-line gaming fraud [10] can be performed by modifying the values of the relevant fields; knowing the layouts of in-stack or in-heap data structures helps construct memory corruption exploits [25]; guided by the layout of the process control block (PCB), a kernel rootkit is able to hide a process by locating and manipulating certain fields. We refer to attacks that locate a data structure and manipulate specific fields after knowing its layout as data structu

© Springer International Publishing Switzerland 2015. G. Pernul et al. (Eds.): ESORICS 2015, Part I, LNCS 9326, pp. 69–89, 2015. DOI: 10.1007/978-3-319-24174-6_4
P. Chen et al.
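The self-randomizing behaviour the abstract describes (a layout chosen per instance, re-randomized after several accesses, with the program's view of the fields unchanged) and the layout-dependent attacks listed above, as an added C example. This is not SALADS' code nor the paper's gcc pass; the field names, the REKEY_AFTER threshold, the accessor API and the xorshift PRNG are assumptions made for the demonstration.

```c
/* Added example (not SALADS or the paper's gcc pass): a struct instance that
 * owns its own field layout. Every field access goes through a per-instance
 * permutation table, and the instance re-randomizes itself after REKEY_AFTER
 * accesses, moving the stored values along with the layout. An attacker who
 * hard-codes the compile-time offset of a field hits the right value only
 * when the instance's current layout happens to agree. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NFIELDS     4    /* logical fields: 0 id, 1 level, 2 balance, 3 flags */
#define REKEY_AFTER 3    /* assumption: re-randomize after this many accesses */
enum { F_ID, F_LEVEL, F_BALANCE, F_FLAGS };

typedef struct {
    uint64_t slot[NFIELDS];   /* physical storage, one slot per field */
    uint8_t  perm[NFIELDS];   /* perm[logical] = index of its current slot */
    uint8_t  enabled;         /* 0 = conventional fixed layout, 1 = DSSR */
    uint32_t accesses;        /* accesses since the last randomization */
    uint64_t rng;             /* xorshift64 state (deterministic for the test;
                                 a deployed build would draw from a CSPRNG) */
} dssr_account;

static uint64_t next_rand(uint64_t *s) {
    uint64_t x = *s;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    return *s = x;
}

/* Draw a fresh Fisher-Yates permutation and physically move each logical
 * value from its old slot to its new one, so the program's view is unchanged. */
static void dssr_rerandomize(dssr_account *a) {
    uint8_t  np[NFIELDS];
    uint64_t ns[NFIELDS];
    for (int i = 0; i < NFIELDS; i++) np[i] = (uint8_t)i;
    for (int i = NFIELDS - 1; i > 0; i--) {
        int j = (int)(next_rand(&a->rng) % (uint64_t)(i + 1));
        uint8_t t = np[i]; np[i] = np[j]; np[j] = t;
    }
    for (int f = 0; f < NFIELDS; f++) ns[np[f]] = a->slot[a->perm[f]];
    memcpy(a->slot, ns, sizeof ns);
    memcpy(a->perm, np, sizeof np);
    a->accesses = 0;
}

/* randomize == 0 gives the conventional fixed layout (perm = identity). */
void dssr_init(dssr_account *a, uint64_t seed, int randomize) {
    memset(a, 0, sizeof *a);
    a->rng = seed ? seed : 0x9E3779B97F4A7C15ull;
    a->enabled = (uint8_t)(randomize != 0);
    for (int i = 0; i < NFIELDS; i++) a->perm[i] = (uint8_t)i;
    if (a->enabled) dssr_rerandomize(a);   /* each instance starts with its own layout */
}

/* The accessors a DSSR translation would emit in place of a->field. */
uint64_t dssr_get(dssr_account *a, int f) {
    uint64_t v = a->slot[a->perm[f]];
    if (a->enabled && ++a->accesses >= REKEY_AFTER) dssr_rerandomize(a);
    return v;
}
void dssr_set(dssr_account *a, int f, uint64_t v) {
    a->slot[a->perm[f]] = v;
    if (a->enabled && ++a->accesses >= REKEY_AFTER) dssr_rerandomize(a);
}

/* Layout-dependent write: the attacker assumes `balance` lives at its
 * compile-time offset and patches it through a raw pointer. Returns 1 if the
 * logical balance actually took the attacker's value. */
int fixed_offset_attack(dssr_account *a) {
    const uint64_t want = 0x7FFFFFFFu;
    unsigned char *raw = (unsigned char *)a;
    memcpy(raw + offsetof(dssr_account, slot) + F_BALANCE * sizeof(uint64_t),
           &want, sizeof want);
    return a->slot[a->perm[F_BALANCE]] == want;
}

/* Number of instances (seeds 1..n) on which the fixed-offset attack lands. */
int attack_hits(int n, int randomize) {
    int hits = 0;
    for (int s = 1; s <= n; s++) {
        dssr_account a;
        dssr_init(&a, (uint64_t)s, randomize);
        dssr_set(&a, F_BALANCE, 100);
        hits += fixed_offset_attack(&a);
    }
    return hits;
}

/* Re-randomization must be invisible to the program: after `accesses`
 * round-robin reads, every logical field still holds what was stored. */
int values_survive(uint64_t seed, int accesses) {
    dssr_account a;
    dssr_init(&a, seed, 1);
    for (int f = 0; f < NFIELDS; f++) dssr_set(&a, f, 1000 + (uint64_t)f);
    for (int i = 0; i < accesses; i++) (void)dssr_get(&a, i % NFIELDS);
    for (int f = 0; f < NFIELDS; f++)
        if (a.slot[a.perm[f]] != 1000 + (uint64_t)f) return 0;
    return 1;
}

/* How many different layouts one instance passes through in `accesses` reads. */
int distinct_layouts(uint64_t seed, int accesses) {
    dssr_account a;
    uint8_t seen[64][NFIELDS];
    int n = 0;
    dssr_init(&a, seed, 1);
    for (int i = 0; i <= accesses; i++) {
        int known = 0;
        for (int k = 0; k < n; k++)
            if (memcmp(seen[k], a.perm, NFIELDS) == 0) { known = 1; break; }
        if (!known && n < 64) memcpy(seen[n++], a.perm, NFIELDS);
        (void)dssr_get(&a, i % NFIELDS);
    }
    return n;
}
```

With the fixed layout the offset-based overwrite hits the balance on every instance; against the self-randomizing instances it lands only on the fraction whose current permutation happens to keep that field in its original slot, and a later access moves it again. Note what the accessors do not cover: any access that bypasses them (pointer arithmetic, external code handed a raw pointer) would read the wrong slot, which is why a translation of the kind the abstract describes has to decide per instance whether an object can safely be randomized at all.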