TY - GEN
T1 - No-execute-after-read
T2 - 11th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2016
AU - Werner, Jan
AU - Otterness, Nathan
AU - Baltas, George
AU - Snow, Kevin Z.
AU - Polychronakis, Michalis
AU - Dallara, Rob
AU - Monrose, Fabian
N1 - Publisher Copyright: © 2016 ACM.
PY - 2016/5/30
Y1 - 2016/5/30
N2 - Memory disclosure vulnerabilities enable an adversary to successfully mount arbitrary code execution attacks against applications via so-called just-in-time code reuse attacks, even when those applications are fortified with fine-grained address space layout randomization. This attack paradigm requires the adversary to first read the contents of randomized application code, then construct a code reuse payload using that knowledge. In this paper, we show that the recently proposed Execute-no-Read (XnR) technique fails to prevent just-in-time code reuse attacks. Next, we introduce the design and implementation of a novel memory permission primitive, dubbed No-Execute-After-Read (NEAR), that foregoes the problems of XnR and provides strong security guarantees against just-in-time attacks in commodity binaries. Specifically, NEAR allows all code to be disclosed, but prevents any disclosed code from subsequently being executed, thus thwarting just-in-time code reuse. At the same time, commodity binaries with mixed code and data regions still operate correctly, as legitimate data is still readable. To demonstrate the practicality and portability of our approach we implemented prototypes for both Linux and Android on the ARMv8 architecture, as well as a prototype that protects unmodified Microsoft Windows executables and dynamically linked libraries. In addition, our evaluation on the SPEC2006 benchmark demonstrates that our prototype has negligible runtime overhead, making it suitable for practical deployment.
AB - Memory disclosure vulnerabilities enable an adversary to successfully mount arbitrary code execution attacks against applications via so-called just-in-time code reuse attacks, even when those applications are fortified with fine-grained address space layout randomization. This attack paradigm requires the adversary to first read the contents of randomized application code, then construct a code reuse payload using that knowledge. In this paper, we show that the recently proposed Execute-no-Read (XnR) technique fails to prevent just-in-time code reuse attacks. Next, we introduce the design and implementation of a novel memory permission primitive, dubbed No-Execute-After-Read (NEAR), that foregoes the problems of XnR and provides strong security guarantees against just-in-time attacks in commodity binaries. Specifically, NEAR allows all code to be disclosed, but prevents any disclosed code from subsequently being executed, thus thwarting just-in-time code reuse. At the same time, commodity binaries with mixed code and data regions still operate correctly, as legitimate data is still readable. To demonstrate the practicality and portability of our approach we implemented prototypes for both Linux and Android on the ARMv8 architecture, as well as a prototype that protects unmodified Microsoft Windows executables and dynamically linked libraries. In addition, our evaluation on the SPEC2006 benchmark demonstrates that our prototype has negligible runtime overhead, making it suitable for practical deployment.
UR - https://www.scopus.com/pages/publications/84979688331
U2 - 10.1145/2897845.2897891
DO - 10.1145/2897845.2897891
M3 - Conference contribution
T3 - ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security
SP - 35
EP - 46
BT - ASIA CCS 2016 - Proceedings of the 11th ACM Asia Conference on Computer and Communications Security
PB - Association for Computing Machinery, Inc
Y2 - 30 May 2016 through 3 June 2016
ER -