Stopping Memory Disclosures via Diversification and Replicated Execution

@article{Lu2021StoppingMD,
  title={Stopping Memory Disclosures via Diversification and Replicated Execution},
  author={Kangjie Lu and Meng Xu and Chengyu Song and Taesoo Kim and Wenke Lee},
  journal={IEEE Transactions on Dependable and Secure Computing},
  year={2021},
  volume={18},
  pages={160-173}
}
  • Kangjie Lu, Meng Xu, Wenke Lee
  • Published 1 January 2021
  • Computer Science
  • IEEE Transactions on Dependable and Secure Computing
With the wide deployment of security mechanisms such as Address Space Layout Randomization (ASLR), memory disclosures have become a prerequisite for critical memory-corruption attacks (e.g., code-reuse attack)—adversaries are forced to exploit memory disclosures to circumvent ASLR as the first step. As a result, the security threats of memory disclosures are now significantly aggravated—they break not only data confidentiality but also the effectiveness of security mechanisms. In this paper, we… 

Sharing is caring: secure and efficient shared memory support for MVEEs
TLDR
A design that involves techniques to identify and instrument accesses to shared memory pages, as well as techniques to replicate I/O through shared-memory IPC is proposed that enables the use of MVEEs on a far wider range of programs than previously supported.
Securing Resource Constrained Processors with Name Confusion
We introduce a novel concept, called Name Confusion, and demonstrate how it can be employed to enhance the security of resource-constrained processors. By building upon Name Confusion, we derive
Using Name Confusion to Enhance Security.
Virtual memory is an abstraction that assigns references, or names, to data objects and instructions. Typically, instructions have exactly one name: a uniquely-identifiable virtual address. This
Inuring: Live Attacker-Guided Repair
TLDR
This work presents inuring, an attack-guided repair method for software vulnerabilities in n-variant systems that uses information gleaned from an attack to perform a "live" field repair of the underlying vulnerability, thereby obviating the denial-of-service attack.
dMVX: Secure and Efficient Multi-Variant Execution in a Distributed Setting
TLDR
dMVX is presented, a novel hybrid distributed MVX design, which incorporates new techniques that significantly reduce the overhead of MVX systems in a distributed setting and can intelligently reduce the MVX operations that use expensive network transfers.
DMON: A Distributed Heterogeneous N-Variant System
TLDR
This paper presents a novel, distributed NVX design that executes program variants across multiple heterogeneous host computers; the prototype implementation combines an x86-64 host with an ARMv8 host.
Distributed Heterogeneous N-Variant Execution
TLDR
The evaluation shows that DMON can provide comparable performance to traditional, non-distributed NVX systems, while enhancing security, and greatly increases the level of diversity between the simultaneously running variants that can be supported, encompassing different ISAs and ABIs.
Detection of Intrusions and Malware, and Vulnerability Assessment: 17th International Conference, DIMVA 2020, Lisbon, Portugal, June 24–26, 2020, Proceedings
TLDR
This work proposes an automatic process of matching CVE summaries with CPEs through the machine learning task called Named Entity Recognition (NER), which achieves an F-measure of 0.86 with a precision of 1.0 and a recall of 0.865, outperforming previous research for automated CPE detection.
Multi-Variant eXecution: State-of-the-Art and Research Challenges
TLDR
This paper analyzes and summarizes the current MVX defense technology, focusing on the evolution of the architecture and the key technologies, points out the challenges to MVX, and discusses future research, which is of great significance for the next work.
Multi-Variant Execution at the Edge
TLDR
This work proposes a technique that automatically diversifies WebAssembly binaries that are deployed to the edge and randomizes execution paths at runtime, turning the execution of the services into a moving target and executes the multivariant binaries on the world-wide edge platform provided by Fastly.

References

SHOWING 1-10 OF 57 REFERENCES
Timely Rerandomization for Mitigating Memory Disclosures
TLDR
This paper has developed a fully functioning prototype for x86_64 C programs by extending the Linux kernel, GCC, and the libc dynamic linker and recompiles programs with a set of augmented information required to track pointer locations and support runtime rerandomization.
Secure and Efficient Application Monitoring and Replication
TLDR
A new design, ReMon, is presented that is non-intrusive, secure, and highly efficient, enforcing cross-checking only for security-critical system calls while supporting more relaxed monitoring policies for system calls that are not security critical.
Thwarting Memory Disclosure with Efficient Hypervisor-enforced Intra-domain Isolation
TLDR
SeCage retrofits commodity hardware virtualization extensions to support efficient isolation of sensitive code manipulating critical secrets from the remaining code, and is designed to work under a strong adversary model where a victim application or even the OS may be controlled by the adversary, while supporting large-scale software with small deployment cost.
Detile: Fine-Grained Information Leak Detection in Script Engines
TLDR
This paper presents a system for fine-grained, automated detection of memory disclosure attacks against scripting engines, and designs and implements Detile, a prototype for detecting information leaks in the JavaScript engine of Microsoft's Internet Explorer 10/11 on Windows 8.0/8.1.
Readactor: Practical Code Randomization Resilient to Memory Disclosure
TLDR
This paper presents the first practical, fine-grained code randomization defense, called Readactor, resilient to both static and dynamic ROP attacks, and uses a new compiler-based code generation paradigm that uses hardware features provided by modern CPUs to enable execute-only memory and hide code pointers from leakage to the adversary.
Isomeron: Code Randomization Resilient to (Just-In-Time) Return-Oriented Programming
TLDR
This paper conducts a security analysis of a recently proposed fine-grained ASLR scheme and presents a new and hybrid defense approach, dubbed Isomeron, that combines code randomization with execution-path randomization to mitigate conventional ROP and JIT-ROP attacks.
Diversified Process Replicæ for Defeating Memory Error Exploits
TLDR
This work defines p^r as the replica of a process p which behaves identically to p but has some "structural" diversity from it, thus defeating absolute and partial overwriting memory error exploits and making it possible to detect memory corruption attacks in a deterministic way.
Taming Parallelism in a Multi-Variant Execution Environment
TLDR
An MVEE-specific synchronization scheme is developed that lets us execute a set of multithreaded variants in lockstep without causing benign divergence, which makes MVEEs a viable defense for a far greater range of realistic workloads.
Losing Control: On the Effectiveness of Control-Flow Integrity under Stack Attacks
TLDR
This paper shows how to exploit heap-based vulnerabilities to control the stack contents including security-critical values used to validate control-flow transfers, and provides an exploit technique against the latest shadow stack implementation.
DieHard: probabilistic memory safety for unsafe languages
TLDR
Analytical and experimental results are presented that show DieHard's resilience to a wide range of memory errors, including a heap-based buffer overflow in an actual application.