Timely address space rerandomization for resisting code reuse attacks

Bibliographic details
Published in: Concurrency and computation 2017-08, Vol.29 (16), p.n/a
Main authors: Chen, Xiaoquan; Xue, Rui; Wu, Chuankun
Format: Article
Language: eng
Online access: Full text
Description
Summary: The major weakness of address space layout randomization is the address space of the program being randomized only once at loading. Therefore, it cannot prevent those advanced code reuse attacks, such as just‐in‐time return‐oriented programming. In view of this situation, we propose an instantaneous and continual address space rerandomization approach, called just‐in‐time address space rerandomization (JIT‐ASR) to thwart the attack. The JIT‐ASR uses the virtual memory management and can ceaselessly change the program's address space by modifying the virtual page number of the code address and page table at runtime. In this way, the address space of the program will change continually. This mechanism will make the addresses used by the attacker become stale, and the attack payload cannot be performed successfully. To demonstrate the effectiveness and efficiency of JIT‐ASR, we apply it to SPEC CPU2006 benchmark suite. The evaluation results and security analysis show that JIT‐ASR can resist the code reuse attacks, especially just‐in‐time return‐oriented programming, and yield low runtime performance overhead (1.2% on average on the SPEC CPU2006 benchmark).
ISSN: 1532-0626, 1532-0634
DOI: 10.1002/cpe.3965