Mimicry attacks on host-based intrusion detection systems
Proceedings of the 9th ACM conference on Computer and communications security
A Sense of Self for Unix Processes
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Countering code-injection attacks with instruction-set randomization
Proceedings of the 10th ACM conference on Computer and communications security
Randomized instruction set emulation to disrupt binary code injection attacks
Proceedings of the 10th ACM conference on Computer and communications security
On the effectiveness of address-space randomization
Proceedings of the 11th ACM conference on Computer and communications security
Fast and automated generation of attack signatures: a basis for building self-protecting servers
Proceedings of the 12th ACM conference on Computer and communications security
Automatic diagnosis and response to memory corruption vulnerabilities
Proceedings of the 12th ACM conference on Computer and communications security
PointguardTM: protecting pointers from buffer overflow vulnerabilities
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Address obfuscation: an efficient approach to combat a board range of memory error exploits
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Where's the FEEB? the effectiveness of instruction set randomization
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Efficient techniques for comprehensive protection from memory error exploits
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Enhancements to the linux kernel for blocking buffer overflow based attack
ALS'00 Proceedings of the 4th annual Linux Showcase & Conference - Volume 4
Address space randomization for mobile devices
Proceedings of the fourth ACM conference on Wireless network security
Enhanced operating system security through efficient and fine-grained address space randomization
Security'12 Proceedings of the 21st USENIX conference on Security symposium
STABILIZER: statistically sound performance evaluation
Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems
| Hi-index | 0.00 |
Address Space Randomization (ASR) techniques randomize process layout to prevent attackers from locating target functions. Prior ASR techniques have considered single-target attacks, which succeed if the attacker can locate a single, powerful system library function. These techniques are not sufficient to defend against chained return-into-lib(c) attacks, each of which calls a sequence of system library functions in order.In this paper, we propose a new ASR technique, code islands, that randomizes not only the base pointers of memory mapping (mmapping), but also relative distances between functions, maximally and dynamically. Our technique can minimize the utility of information gained in early probes of a chained return-into-lib(c) attack, for later stages of that attack. With a pre-defined rerandomization thresh-old, our code islands technique not only is exponentially more effective than any prior ASR technique in defending against brute-force searches for locations of multiple targets---a key component of chained return-into-lib (c) attacks, but can also maintain high service availability even under attack. Our overhead measurement on some well-known GNU applications shows that it takes less than 0.05 second to load/rerandomize a process with the necessary C system library functions using code islands, and our technique introduces a 3-10% run-time overhead from inter-island control transfers. We conclude that the code island technique is well-suited to dedicated multi-threaded servers.