Hide and Seek: Exploiting and Hardening Leakage-Resilient Code Randomization
Information leakage vulnerabilities can allow adversaries to bypass mitigations based on code randomization. This discovery motivates numerous techniques that diminish direct and indirect information leakage: (i) execute-only permissions on memory accesses, (ii) code pointer hiding (e.g., indirection or encryption), and (iii) decoys (e.g., booby traps). Among the proposed leakage-resilient defenses, Readactor is the most comprehensive solution that combines all these techniques. In this paper, we conduct a systematic analysis of recently proposed execute-only randomization solutions including Readactor, and demonstrate a new class of attacks that bypasses them generically, highlighting their limitations. We analyze the prevalence of opportunities for such attacks in popular code bases and build three real-world exploits to demonstrate their practicality. We then implement and evaluate a new defense against our attacks. Our evaluation shows that our new technique is practical and adds little additional performance overhead (9.7% vs. 6.4%).
Saved in:
Main authors: | Okhravi, Hamed; Rudd, Robert A; Bigelow, David; Skowyra, Richard W; Dedhia, Veer S; Hobson, Thomas; Crane, Stephen; Liebchen, Christopher; Larsen, Per; Davi, Lucas; Franz, Michael; Sadeghi, Ahmad-Reza |
---|---|
Format: | Report |
Language: | eng |
Subjects: | computer programming; Computer Systems Management and Standards; cryptography; malware; object oriented programming; procedural programming language; relational database management systems |
Online access: | Order full text |
Field | Value |
---|---|
creator | Okhravi, Hamed; Rudd, Robert A; Bigelow, David; Skowyra, Richard W; Dedhia, Veer S; Hobson, Thomas; Crane, Stephen; Liebchen, Christopher; Larsen, Per; Davi, Lucas; Franz, Michael; Sadeghi, Ahmad-Reza |
description | Information leakage vulnerabilities can allow adversaries to bypass mitigations based on code randomization. This discovery motivates numerous techniques that diminish direct and indirect information leakage: (i) execute-only permissions on memory accesses, (ii) code pointer hiding (e.g., indirection or encryption), and (iii) decoys (e.g., booby traps). Among the proposed leakage-resilient defenses, Readactor is the most comprehensive solution that combines all these techniques. In this paper, we conduct a systematic analysis of recently proposed execute-only randomization solutions including Readactor, and demonstrate a new class of attacks that bypasses them generically, highlighting their limitations. We analyze the prevalence of opportunities for such attacks in popular code bases and build three real-world exploits to demonstrate their practicality. We then implement and evaluate a new defense against our attacks. Our evaluation shows that our new technique is practical and adds little additional performance overhead (9.7% vs. 6.4%). |
format | Report |
corporate author | MIT Lincoln Laboratory Lexington United States |
date | 2016-03-30 |
rights | Approved For Public Release |
source record | https://apps.dtic.mil/sti/citations/AD1033825 (DTIC accession number AD1033825) |
fulltext | fulltext_linktorsrc |
language | eng |
recordid | cdi_dtic_stinet_AD1033825 |
source | DTIC Technical Reports |
subjects | computer programming; Computer Systems Management and Standards; cryptography; malware; object oriented programming; procedural programming language; relational database management systems |
title | Hide and Seek: Exploiting and Hardening Leakage-Resilient Code Randomization |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-21T06%3A19%3A43IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-dtic_1RU&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=unknown&rft.btitle=Hide%20and%20Seek:%20Exploiting%20and%20Hardening%20Leakage-Resilient%20Code%20Randomization&rft.au=Okhravi,Hamed&rft.aucorp=MIT%20Lincoln%20Laboratory%20Lexington%20United%20States&rft.date=2016-03-30&rft_id=info:doi/&rft_dat=%3Cdtic_1RU%3EAD1033825%3C/dtic_1RU%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |