Mitigating ROP Attacks via ARM-Specific In-Place Instruction Randomization  


Author: Yu Liang

Affiliations: [1] Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan 430079, China; [2] Computer School, Wuhan University, Wuhan 430079, China

Source: China Communications, 2016, No. 9, pp. 208-226 (19 pages)

Funding: supported by the National Natural Science Foundation of China (Grant Nos. 61202387, 61332019 and 61373168) and the National Basic Research Program of China ("973" Program) (Grant No. 2014CB340600)

Abstract: Defending against return-oriented programming (ROP) attacks is extremely challenging for modern operating systems. As the most popular mobile OS running on ARM, Android is even more exposed to ROP attacks because of its weak ASLR implementation and the absence of effective control-flow integrity enforcement. This paper proposes an instruction randomization strategy, built on specific ARM features, that mitigates ROP attacks on Android even when the attacker holds a single pointer-leak vulnerability. By popping additional registers in function epilogues and reallocating registers within function scopes, the branch targets of all (direct and indirect) branch instructions that could serve as ROP gadgets are changed at random. Without knowledge of the binary's runtime instruction layout, the repeated control-flow transfers an adversary relies on in a ROP exploit are subverted. The instruction randomization idea has been implemented in both the Android Dalvik runtime and ART. Evaluation shows that it introduces enough randomness for more than 99% of discovered functions and thwarts about 95% of ROP gadgets in applications' shared libraries and in oat files compiled from Dalvik bytecode. Evaluation on real-world exploits further confirms its effectiveness in mitigating ROP attacks with acceptable performance overhead.
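The abstract's core mechanism, popping one more register in a function epilogue so that an attacker's stack layout no longer lines up with the gadget, can be shown with a small model. The following is an added example written for this page, not code from the paper or from the Android runtimes it modifies. It encodes real 16-bit Thumb PUSH/POP instructions (encoding T1), runs a legitimate call and a constructed ROP chain against two toy functions, then rewrites one epilogue in place to pop an extra register (r6, which the example simply assumes has been freed by register reallocation) and shows that the legitimate call still returns correctly while the chain, built against the original layout, lands on an attacker-supplied data word instead of its target. The function addresses, the chain, and the target address 0x3001 are all constructed for the example.

```python
"""Added example (not the paper's code): in-place epilogue randomization on Thumb.

Thumb encoding T1 (16-bit): PUSH = 1011 010 M rrrrrrrr  (M: also push lr)
                            POP  = 1011 110 P rrrrrrrr  (P: also pop pc)
Only r0-r7 fit in the low byte, so adding a register keeps the instruction 16
bits wide: the rewritten halfword occupies exactly the bytes of the original
and no other code address moves.
"""
import random

SP, LR, PC = 13, 14, 15


def encode(kind, regs):
    base, extra = (0xB400, LR) if kind == "push" else (0xBC00, PC)
    word = base
    for r in regs:
        if r == extra:
            word |= 0x100
        elif 0 <= r <= 7:
            word |= 1 << r
        else:
            raise ValueError(f"r{r} does not fit encoding T1")
    return word


def decode(halfword):
    if halfword & 0xFE00 == 0xB400:
        kind, extra = "push", LR
    elif halfword & 0xFE00 == 0xBC00:
        kind, extra = "pop", PC
    else:
        raise ValueError(f"{halfword:#06x} is not a T1 push/pop")
    regs = [r for r in range(8) if halfword & (1 << r)]
    if halfword & 0x100:
        regs.append(extra)
    return kind, regs


def run(code, mem, regs, max_steps=32):
    """Execute push/pop halfwords from regs[PC] until pc leaves `code`.
    `mem` maps word-aligned stack addresses to 32-bit values; the lowest
    register is stored at the lowest address, as on real ARM."""
    for _ in range(max_steps):
        pc = regs[PC] & ~1  # strip the Thumb bit
        if pc not in code:
            return regs
        kind, rl = decode(code[pc])
        if kind == "push":
            regs[SP] -= 4 * len(rl)
            for i, r in enumerate(sorted(rl)):
                mem[regs[SP] + 4 * i] = regs[r]
            regs[PC] = pc + 2
        else:
            for r in sorted(rl):  # pc (r15) sorts last: highest address
                regs[r] = mem.get(regs[SP], 0)
                regs[SP] += 4
            if PC not in rl:
                regs[PC] = pc + 2
    raise RuntimeError("step limit reached")


def build(extra_for_f1=None):
    """Two toy leaf functions. f1 at 0x1000 saves r4; f2 at 0x2000 saves r5.
    extra_for_f1 is a register assumed freed by reallocation; it is added to
    f1's push and pop lists in place (same halfword size, same addresses)."""
    f1 = [4] + ([extra_for_f1] if extra_for_f1 is not None else [])
    return {
        0x1000: encode("push", f1 + [LR]),
        0x1002: encode("pop", f1 + [PC]),
        0x2000: encode("push", [5, LR]),
        0x2002: encode("pop", [5, PC]),
    }


def legit_call(code, func=0x1000):
    """Call `func` normally with r4 live; return (pc, r4, sp) after it returns."""
    regs = [0] * 16
    regs[4], regs[LR], regs[SP], regs[PC] = 0x44, 0x5001, 0x7FF0, func
    run(code, {}, regs)
    return regs[PC], regs[4], regs[SP]


# Constructed attacker stack for the ORIGINAL epilogue `pop {r4, pc}` at 0x1002:
# [r4 value][next gadget: f2 epilogue][r5 value][final target]
CHAIN = [0x41414141, 0x2003, 0x42424242, 0x3001]
TARGET = 0x3001


def run_chain(code, chain=CHAIN, entry=0x1002):
    """Enter the chain at an epilogue gadget; return (pc, r4, r5) at exit."""
    regs = [0] * 16
    regs[SP], regs[PC] = 0x7FE0, entry
    mem = {0x7FE0 + 4 * i: v for i, v in enumerate(chain)}
    run(code, mem, regs)
    return regs[PC], regs[4], regs[5]


if __name__ == "__main__":
    original = build()
    randomized = build(random.choice([6, 7]))  # per-process choice of freed register
    print("original   epilogue:", f"{original[0x1002]:#06x}", decode(original[0x1002]))
    print("randomized epilogue:", f"{randomized[0x1002]:#06x}", decode(randomized[0x1002]))
    print("legit call, original  :", legit_call(original))
    print("legit call, randomized:", legit_call(randomized))
    print("chain, original  :", run_chain(original), "reaches target:", run_chain(original)[0] == TARGET)
    print("chain, randomized:", run_chain(randomized), "reaches target:", run_chain(randomized)[0] == TARGET)
```

With the original binary the chain pops r4, then pc, and arrives at 0x3001 with both registers loaded. After the in-place rewrite the same epilogue consumes the word the attacker intended as the next gadget address into r6 and loads pc from the word meant for r5, so control lands on 0x42424242. The prologue is rewritten to push the same extra register, which is why the legitimate call is unaffected; in the paper's scheme the choice of which register to add is what the attacker cannot learn from a single leaked pointer.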

Keywords: software security; ROP mitigation; instruction randomization; ARM architecture

Classification: TP309 [Automation and Computer Technology: Computer System Architecture]; TN916.4 [Automation and Computer Technology: Computer Science and Technology]
