Stopping Memory Disclosures via Diversification and Replicated Execution

@article{Lu2021StoppingMD,
  title={Stopping Memory Disclosures via Diversification and Replicated Execution},
  author={Kangjie Lu and Meng Xu and Chengyu Song and Taesoo Kim and Wenke Lee},
  journal={IEEE Transactions on Dependable and Secure Computing},
  year={2021},
  volume={18},
  pages={160-173}
}
  • Kangjie Lu, Meng Xu, Wenke Lee
  • Published 1 January 2021
  • Computer Science
  • IEEE Transactions on Dependable and Secure Computing
With the wide deployment of security mechanisms such as Address Space Layout Randomization (ASLR), memory disclosures have become a prerequisite for critical memory-corruption attacks (e.g., code-reuse attack)—adversaries are forced to exploit memory disclosures to circumvent ASLR as the first step. As a result, the security threats of memory disclosures are now significantly aggravated—they break not only data confidentiality but also the effectiveness of security mechanisms. In this paper, we… 

Sharing is caring: secure and efficient shared memory support for MVEEs
TLDR
A design that involves techniques to identify and instrument accesses to shared memory pages, as well as techniques to replicate I/O through shared-memory IPC is proposed that enables the use of MVEEs on a far wider range of programs than previously supported.
Securing Resource Constrained Processors with Name Confusion
We introduce a novel concept, called Name Confusion, and demonstrate how it can be employed to enhance the security of resource-constrained processors. By building upon Name Confusion, we derive
Using Name Confusion to Enhance Security.
Virtual memory is an abstraction that assigns references, or names, to data objects and instructions. Typically, instructions have exactly one name: a uniquely-identifiable virtual address. This
Inuring: Live Attacker-Guided Repair
TLDR
This work presents inuring, an attack-guided repair method for software vulnerabilities in n-variant systems that uses information gleaned from an attack to perform a "live" field repair of the underlying vulnerability, thereby obviating the denial-of-service attack.
dMVX: Secure and Efficient Multi-Variant Execution in a Distributed Setting
TLDR
dMVX is presented, a novel hybrid distributed MVX design, which incorporates new techniques that significantly reduce the overhead of MVX systems in a distributed setting and can intelligently reduce the MVX operations that use expensive network transfers.
DMON: A Distributed Heterogeneous N-Variant System
TLDR
This paper presents a novel, distributed NVX design that executes program variants across multiple heterogeneous host computers; the prototype implementation combines an x86-64 host with an ARMv8 host.
Distributed Heterogeneous N-Variant Execution
TLDR
The evaluation shows that DMON can provide comparable performance to traditional, non-distributed NVX systems, while enhancing security, and greatly increases the level of diversity between the simultaneously running variants that can be supported, encompassing different ISAs and ABIs.
Multi-Variant eXecution: State-of-the-Art and Research Challenges
TLDR
This paper analyzes and summarizes current MVX defense technology, focusing on the evolution of the architecture and the key technologies, points out the challenges facing MVX, and discusses future research directions, which is of great significance for subsequent work.
Multi-Variant Execution at the Edge
TLDR
This work proposes a technique that automatically diversifies WebAssembly binaries deployed to the edge and randomizes execution paths at runtime, turning the execution of the services into a moving target, and executes the multi-variant binaries on the world-wide edge platform provided by Fastly.

References

Timely Rerandomization for Mitigating Memory Disclosures
TLDR
This paper has developed a fully functioning prototype for x86_64 C programs by extending the Linux kernel, GCC, and the libc dynamic linker and recompiles programs with a set of augmented information required to track pointer locations and support runtime rerandomization.
Secure and Efficient Application Monitoring and Replication
TLDR
A new design, ReMon, is presented that is non-intrusive, secure, and highly efficient: it enforces cross-checking only for security-critical system calls while supporting more relaxed monitoring policies for system calls that are not security critical.
Thwarting Memory Disclosure with Efficient Hypervisor-enforced Intra-domain Isolation
TLDR
SeCage retrofits commodity hardware virtualization extensions to support efficient isolation of sensitive code manipulating critical secrets from the remaining code, and is designed to work under a strong adversary model where a victim application or even the OS may be controlled by the adversary, while supporting large-scale software with small deployment cost.
Diversified Process Replicæ for Defeating Memory Error Exploits
TLDR
This work defines p_r as the replica of a process p which behaves identically to p but has some "structural" diversity from it, thus defeating absolute and partial overwriting memory error exploits and making it possible to detect memory corruption attacks in a deterministic way.
Losing Control: On the Effectiveness of Control-Flow Integrity under Stack Attacks
TLDR
This paper shows how to exploit heap-based vulnerabilities to control the stack contents including security-critical values used to validate control-flow transfers, and provides an exploit technique against the latest shadow stack implementation.
Secure and Efficient Multi-Variant Execution Using Hardware-Assisted Process Virtualization
TLDR
This paper presents MvArmor, an MVX system that uses hardware-assisted process virtualization to monitor variants for divergent behavior in an efficient yet secure way and relies on a new MVX-aware variant generation strategy to provide comprehensive protection against memory error exploits.
Oxymoron: Making Fine-Grained Memory Randomization Practical by Allowing Code Sharing
TLDR
Oxymoron is the first solution to be secure against just-in-time code reuse attacks and it is demonstrated that fine-grained memory randomization is feasible without forfeiting the enormous memory savings of shared libraries.
N-Variant Systems: A Secretless Framework for Security through Diversity
TLDR
The N-variant systems framework is introduced, a model for analyzing security properties of N-Variant systems is presented, variations that can be used to detect attacks that involve referencing absolute memory addresses and executing injected code are defined, and performance results from a prototype implementation are presented.
Control Jujutsu: On the Weaknesses of Fine-Grained Control Flow Integrity
TLDR
It is shown that many popular code bases such as Apache and Nginx use coding practices that create flexibility in their intended control flow graph (CFG) even when a strong static analyzer is used to construct the CFG, which allows an attacker to gain control of the execution while strictly adhering to a fine-grained CFI.
ILR: Where'd My Gadgets Go?
TLDR
Instruction Location Randomization (ILR) randomizes the location of every instruction in a program, thwarting an attacker's ability to re-use program functionality (e.g., arc-injection attacks and return-oriented programming attacks).