Corpus ID: 220831047

SPAM: Stateless Permutation of Application Memory

Authors: Mohamed Tarek Ibn Ziad, Miguel A. Arroyo, Simha Sethumadhavan
In this paper, we propose the Stateless Permutation of Application Memory (SPAM), a software defense that enables fine-grained data permutation for C programs. The key benefits include resilience against attacks that directly exploit software errors (i.e., spatial and temporal memory safety violations) in addition to attacks that exploit hardware vulnerabilities such as ColdBoot, RowHammer or hardware side-channels to disclose or corrupt memory using a single cohesive technique. Unlike prior… 


STEROIDS for DOPed Applications: A Compiler for Automated Data-Oriented Programming
Novel techniques to automate the process of generating DOP exploits are presented and a compiler called STEROIDS is implemented that leverages these techniques and compiles the authors' high-level language SLANG into low-level DOP data structures driving malicious computations at run time, enabling highly expressive attacks without conventional code-injection or code-reuse techniques in applications lacking a scripting engine.
Shuffler: Fast and Deployable Continuous Code Re-Randomization
A code-reuse defense, called Shuffler, which continuously re-randomizes code locations on the order of milliseconds, introducing a real-time deadline on the attacker, and defends against all known forms of code reuse, including ROP, direct JIT-ROP, indirect JIT-ROP, and Blind ROP.
Improved kernel security through memory layout randomization
Two different ways to mutate an operating system kernel using memory layout randomization to resist kernel-based attacks are described and it is shown that by strategically selecting just a few components for randomization, the techniques prevent kernel rootkit infection.
Breaking the memory secrecy assumption
This paper identifies a new class of vulnerabilities -- buffer overreads -- that occur in practice and that can be exploited to read parts of the memory contents of a process running a vulnerable application.
Data Space Randomization
This work explores a third form of randomization called data space randomization (DSR) that randomizes the representation of data stored in program memory and shows that with appropriate design choices, DSR can achieve a performance overhead in the range of 5% to 30% for a range of programs.
Smokestack: Thwarting DOP Attacks with Runtime Stack Layout Randomization
This paper presents a stack-layout randomization scheme that can effectively thwart DOP attacks and utilizes true-random value sources combined with disclosure-resistant pseudo-random number generation to ensure that an adversary cannot anticipate a function's invocation permutation of automatic variables.
Data Randomization
A data randomization prototype is implemented that compiles programs without modifications and can prevent many attacks with low overhead, introducing an average runtime overhead of 11% and an average space overhead below 1%.
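The two data-randomization entries above (Data Space Randomization and Data Randomization) both rest on the same mechanism: values are stored in memory XORed with a mask chosen per equivalence class of pointers, so an out-of-bounds write through one class of pointer does not produce the attacker's intended value when read through another. The C program below is an added example written for this page; it is not code from SPAM or from either of those papers. Its region layout, mask constants (MASK_NAME, MASK_FLAG), function names and attack payload are all constructed for illustration, and the "overflow" is simulated inside a single byte array so that the program stays well-defined C.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated memory region: an 8-byte name followed directly by a 4-byte
 * privilege flag, the classic overflow target. The region is a plain byte
 * array so that the "overflow" stays inside the array and is well-defined C. */
#define NAME_LEN    8
#define FLAG_OFF    NAME_LEN
#define REGION_SIZE (NAME_LEN + sizeof(uint32_t))

/* Constructed per-class masks. A data-randomization compiler assigns one mask
 * per equivalence class of pointers (here: "name" pointers and "flag" pointers)
 * and picks the values at program start; these constants stand in for that. */
#define MASK_NAME 0x5Au         /* applied to every byte stored via a name pointer */
#define MASK_FLAG 0xA7B3C91Du   /* applied to the whole flag word */

/* Constructed attack input: 8 bytes fill the name, 4 more spill into the flag. */
static const unsigned char ATTACK_PAYLOAD[REGION_SIZE] = {
    'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 0x01, 0x01, 0x01, 0x01
};

/* Vulnerable copy: the length is never checked against NAME_LEN, so bytes
 * src[8..11] land on the flag. Returns the flag as the program would read it. */
uint32_t unprotected_store(const unsigned char *src, size_t n)
{
    unsigned char mem[REGION_SIZE];
    uint32_t flag = 0;

    memcpy(mem + FLAG_OFF, &flag, sizeof flag);
    if (n > REGION_SIZE)            /* only keeps the simulation inside the array */
        n = REGION_SIZE;
    for (size_t i = 0; i < n; i++)  /* bug: the bound should be NAME_LEN */
        mem[i] = src[i];

    memcpy(&flag, mem + FLAG_OFF, sizeof flag);
    return flag;
}

/* Same bug under data randomization: every store through a name pointer is
 * XORed with MASK_NAME and every load through a flag pointer is XORed with
 * MASK_FLAG. The overflow still happens, but the attacker's bytes are
 * interpreted through the wrong mask. */
uint32_t randomized_store(const unsigned char *src, size_t n)
{
    unsigned char mem[REGION_SIZE];
    uint32_t flag_rep = 0u ^ MASK_FLAG;      /* in-memory representation of 0 */

    memcpy(mem + FLAG_OFF, &flag_rep, sizeof flag_rep);
    if (n > REGION_SIZE)
        n = REGION_SIZE;
    for (size_t i = 0; i < n; i++)           /* same missing bound */
        mem[i] = (unsigned char)(src[i] ^ MASK_NAME);

    memcpy(&flag_rep, mem + FLAG_OFF, sizeof flag_rep);
    return flag_rep ^ MASK_FLAG;
}

/* Legitimate use still works: a masked store followed by a load through the
 * same pointer class recovers the original bytes. Returns 1 on a clean round trip. */
int randomized_name_roundtrip(const char *name)
{
    unsigned char mem[REGION_SIZE] = {0};
    size_t n = strlen(name);

    if (n > NAME_LEN)
        return 0;                            /* proper bound for legitimate callers */
    for (size_t i = 0; i < n; i++)
        mem[i] = (unsigned char)((unsigned char)name[i] ^ MASK_NAME);
    for (size_t i = 0; i < n; i++)
        if ((unsigned char)(mem[i] ^ MASK_NAME) != (unsigned char)name[i])
            return 0;
    return 1;
}

int main(void)
{
    printf("unprotected flag after overflow: 0x%08x\n",
           unprotected_store(ATTACK_PAYLOAD, REGION_SIZE));
    printf("randomized flag after overflow:  0x%08x\n",
           randomized_store(ATTACK_PAYLOAD, REGION_SIZE));
    printf("name round trip ok: %d\n", randomized_name_roundtrip("bob"));
    return 0;
}
```

The unprotected version hands the attacker exactly the flag bytes they wrote (0x01010101); the randomized version yields 0x01 ^ MASK_NAME re-read under MASK_FLAG, a value the attacker did not choose. To land a chosen value they would need the per-byte difference between the two masks, which is why these schemes depend on mask secrecy and why the buffer-overread work listed above ("Breaking the memory secrecy assumption") matters: a leaked masked value next to a known plaintext gives the mask away directly.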
Practical Byte-Granular Memory Blacklisting using Califorms
A novel idea called Califorms is presented, and associated program observations, to obtain a low overhead security solution for practical, byte-granular memory safety, which reduces the performance overheads of memory safety to ~1.02x to 1.16x while providing byte-granular protection and maintaining very low hardware overheads.
libmpk: Software Abstraction for Intel Memory Protection Keys
Intel memory protection keys (MPK) is a new hardware feature to support thread-local permission control on groups of pages without requiring modification of page tables. Unfortunately, its current
AddressSanitizer: A Fast Address Sanity Checker
The paper presents AddressSanitizer, a new memory error detector that achieves efficiency without sacrificing comprehensiveness, and has found over 300 previously unknown bugs in the Chromium browser and many bugs in other software.