Marlin: Mitigating Code Reuse Attacks Using Code Randomization

Code-reuse attacks, such as return-oriented programming (ROP), are a class of buffer overflow attacks that repurpose existing executable code towards malicious purposes. These attacks bypass defenses against code injection attacks by chaining together sequence of instructions, commonly known as gadg...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on dependable and secure computing 2015-05, Vol.12 (3), p.326-337
Main Authors: Gupta, Aditi, Habibi, Javid, Kirkpatrick, Michael S., Bertino, Elisa
Format: Article
Language:English
Subjects:
Bypass
Code reuse
Computer architecture
Cybersecurity
Entropy
Geophysical measurement techniques
Ground penetrating radar
Layout
Programming
Software
Studies
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Code-reuse attacks, such as return-oriented programming (ROP), are a class of buffer overflow attacks that repurpose existing executable code towards malicious purposes. These attacks bypass defenses against code injection attacks by chaining together sequence of instructions, commonly known as gadgets, to execute the desired attack logic. A common feature of these attacks is the reliance on the knowledge of memory layout of the executable code. We propose a fine grained randomization based approach that breaks these assumptions by modifying the layout of the executable code and hinders code-reuse attack. Our solution, Marlin, randomizes the internal structure of the executable code by randomly shuffling the function blocks in the target binary. This denies the attacker the necessary a priori knowledge of instruction addresses for constructing the desired exploit payload. Our approach can be applied to any ELF binary and every execution of this binary uses a different randomization. We have integrated Marlin into the bash shell that randomizes the target executable before launching it. Our work shows that such an approach incurs low overhead and significantly increases the level of security against code-reuse based attacks.
ISSN:1545-5971
1941-0018
DOI:10.1109/TDSC.2014.2345384