Mitigating ROP Attacks via ARM-Specific In-Place Instruction Randomization
| Field | Value |
|---|---|
| Published in | China Communications 2016-09, Vol. 13 (9), pp. 208-226 |
| Main authors | , , , |
| Format | Article |
| Language | eng |
| Summary | Defending against return-oriented programming (ROP) attacks is extremely challenging for modern operating systems. As the most popular mobile OS running on ARM, Android is even more vulnerable to ROP attacks due to its weak implementation of ASLR and the absence of effective control-flow integrity enforcement. In this paper, leveraging specific ARM features, an instruction randomization strategy is proposed to mitigate ROP attacks in Android even under the threat of single pointer leakage vulnerabilities. By popping more registers in functions' epilogue instructions and reallocating registers within function scopes, the branch targets of all (direct and indirect) branch instructions that could serve as ROP gadgets are changed randomly. Without knowledge of the binaries' runtime instruction layout, an adversary's repeated control-flow transfers in ROP exploits will be subverted. Furthermore, this instruction randomization idea has been implemented in both the Android Dalvik runtime and ART. Corresponding evaluations showed it is capable of introducing enough randomness for more than 99% of discovered functions and of thwarting about 95% of ROP gadgets in applications' shared libraries and in oat files compiled from Dalvik bytecode. Besides, evaluations on real-world exploits also confirmed its effectiveness in mitigating ROP attacks within acceptable performance overhead. |
| ISSN | 1673-5447 |
| DOI | 10.1109/CC.2016.7582313 |