What You See is Not What You Get! Thwarting Just-in-Time ROP with Chameleon

Ping Chen, Jun Xu, Zhisheng Hu, Xinyu Xing, Minghui Zhu, Bing Mao, Peng Liu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)

Abstract

Address space randomization has long been used for counteracting code reuse attacks, ranging from conventional ROP to sophisticated Just-in-Time ROP. At the high level, it shuffles program code in memory and thus prevents malicious ROP payload from performing arbitrary operations. While effective in mitigating attacks, existing randomization mechanisms are impractical for real-world applications and systems, especially considering the significant performance overhead and potential program corruption incurred by their implementation. In this paper, we introduce CHAMELEON, a practical defense mechanism that hinders code reuse attacks, particularly Just-in-Time ROP attacks. Technically speaking, CHAMELEON instruments program code, randomly shuffles code page addresses and minimizes the attack surface exposed to adversaries. While this defense mechanism follows in the footprints of address space randomization, our design principle focuses on using randomization to obstruct code page disclosure, making the ensuing attacks infeasible. We implemented a prototype of CHAMELEON on Linux operating system and extensively experimented it in different settings. Our theoretical and empirical evaluation indicates the effectiveness and efficiency of CHAMELEON in thwarting Just-in-Time ROP attacks.

Original languageEnglish (US)
Title of host publicationProceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages451-462
Number of pages12
ISBN (Electronic)9781538605417
DOIs
StatePublished - Aug 30 2017
Event47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017 - Denver, United States
Duration: Jun 26 2017Jun 29 2017

Publication series

NameProceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017

Other

Other47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017
CountryUnited States
CityDenver
Period6/26/176/29/17

Fingerprint

Computer operating systems
Data storage equipment
Linux

All Science Journal Classification (ASJC) codes

  • Hardware and Architecture
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality

Cite this

Chen, P., Xu, J., Hu, Z., Xing, X., Zhu, M., Mao, B., & Liu, P. (2017). What You See is Not What You Get! Thwarting Just-in-Time ROP with Chameleon. In Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017 (pp. 451-462). [8023144] (Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/DSN.2017.47
Chen, Ping ; Xu, Jun ; Hu, Zhisheng ; Xing, Xinyu ; Zhu, Minghui ; Mao, Bing ; Liu, Peng. / What You See is Not What You Get! Thwarting Just-in-Time ROP with Chameleon. Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017. Institute of Electrical and Electronics Engineers Inc., 2017. pp. 451-462 (Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017).
@inproceedings{c017774575114338a0011d55da965be9,
title = "What You See is Not What You Get! Thwarting Just-in-Time ROP with Chameleon",
abstract = "Address space randomization has long been used for counteracting code reuse attacks, ranging from conventional ROP to sophisticated Just-in-Time ROP. At the high level, it shuffles program code in memory and thus prevents malicious ROP payload from performing arbitrary operations. While effective in mitigating attacks, existing randomization mechanisms are impractical for real-world applications and systems, especially considering the significant performance overhead and potential program corruption incurred by their implementation. In this paper, we introduce CHAMELEON, a practical defense mechanism that hinders code reuse attacks, particularly Just-in-Time ROP attacks. Technically speaking, CHAMELEON instruments program code, randomly shuffles code page addresses and minimizes the attack surface exposed to adversaries. While this defense mechanism follows in the footprints of address space randomization, our design principle focuses on using randomization to obstruct code page disclosure, making the ensuing attacks infeasible. We implemented a prototype of CHAMELEON on Linux operating system and extensively experimented it in different settings. Our theoretical and empirical evaluation indicates the effectiveness and efficiency of CHAMELEON in thwarting Just-in-Time ROP attacks.",
author = "Ping Chen and Jun Xu and Zhisheng Hu and Xinyu Xing and Minghui Zhu and Bing Mao and Peng Liu",
year = "2017",
month = "8",
day = "30",
doi = "10.1109/DSN.2017.47",
language = "English (US)",
series = "Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "451--462",
booktitle = "Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017",
address = "United States",

}

Chen, P, Xu, J, Hu, Z, Xing, X, Zhu, M, Mao, B & Liu, P 2017, What You See is Not What You Get! Thwarting Just-in-Time ROP with Chameleon. in Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017., 8023144, Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017, Institute of Electrical and Electronics Engineers Inc., pp. 451-462, 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017, Denver, United States, 6/26/17. https://doi.org/10.1109/DSN.2017.47

What You See is Not What You Get! Thwarting Just-in-Time ROP with Chameleon. / Chen, Ping; Xu, Jun; Hu, Zhisheng; Xing, Xinyu; Zhu, Minghui; Mao, Bing; Liu, Peng.

Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017. Institute of Electrical and Electronics Engineers Inc., 2017. p. 451-462 8023144 (Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - What You See is Not What You Get! Thwarting Just-in-Time ROP with Chameleon

AU - Chen, Ping

AU - Xu, Jun

AU - Hu, Zhisheng

AU - Xing, Xinyu

AU - Zhu, Minghui

AU - Mao, Bing

AU - Liu, Peng

PY - 2017/8/30

Y1 - 2017/8/30

N2 - Address space randomization has long been used for counteracting code reuse attacks, ranging from conventional ROP to sophisticated Just-in-Time ROP. At the high level, it shuffles program code in memory and thus prevents malicious ROP payload from performing arbitrary operations. While effective in mitigating attacks, existing randomization mechanisms are impractical for real-world applications and systems, especially considering the significant performance overhead and potential program corruption incurred by their implementation. In this paper, we introduce CHAMELEON, a practical defense mechanism that hinders code reuse attacks, particularly Just-in-Time ROP attacks. Technically speaking, CHAMELEON instruments program code, randomly shuffles code page addresses and minimizes the attack surface exposed to adversaries. While this defense mechanism follows in the footprints of address space randomization, our design principle focuses on using randomization to obstruct code page disclosure, making the ensuing attacks infeasible. We implemented a prototype of CHAMELEON on Linux operating system and extensively experimented it in different settings. Our theoretical and empirical evaluation indicates the effectiveness and efficiency of CHAMELEON in thwarting Just-in-Time ROP attacks.

AB - Address space randomization has long been used for counteracting code reuse attacks, ranging from conventional ROP to sophisticated Just-in-Time ROP. At the high level, it shuffles program code in memory and thus prevents malicious ROP payload from performing arbitrary operations. While effective in mitigating attacks, existing randomization mechanisms are impractical for real-world applications and systems, especially considering the significant performance overhead and potential program corruption incurred by their implementation. In this paper, we introduce CHAMELEON, a practical defense mechanism that hinders code reuse attacks, particularly Just-in-Time ROP attacks. Technically speaking, CHAMELEON instruments program code, randomly shuffles code page addresses and minimizes the attack surface exposed to adversaries. While this defense mechanism follows in the footprints of address space randomization, our design principle focuses on using randomization to obstruct code page disclosure, making the ensuing attacks infeasible. We implemented a prototype of CHAMELEON on Linux operating system and extensively experimented it in different settings. Our theoretical and empirical evaluation indicates the effectiveness and efficiency of CHAMELEON in thwarting Just-in-Time ROP attacks.

UR - http://www.scopus.com/inward/record.url?scp=85031667168&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85031667168&partnerID=8YFLogxK

U2 - 10.1109/DSN.2017.47

DO - 10.1109/DSN.2017.47

M3 - Conference contribution

AN - SCOPUS:85031667168

T3 - Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017

SP - 451

EP - 462

BT - Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017

PB - Institute of Electrical and Electronics Engineers Inc.

ER -

Chen P, Xu J, Hu Z, Xing X, Zhu M, Mao B et al. What You See is Not What You Get! Thwarting Just-in-Time ROP with Chameleon. In Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017. Institute of Electrical and Electronics Engineers Inc. 2017. p. 451-462. 8023144. (Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017). https://doi.org/10.1109/DSN.2017.47