Eliminating the call stack to save RAM

Yang, Xuejun; Cooprider, Nathan; Regehr, John

doi:10.1145/1542452.1542461

Cited by 11 publications

(4 citation statements)

References 28 publications

(11 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The reason is that a return-oriented rootkit, as demonstrated in [11,19,41], can simply create its own stack -without corrupting existing ones -and misuse other innocent non-ret instructions that are not (or cannot be) enhanced for return address protection. Our transformation of ret instructions is also similar to that of Yang et al [46], which mainly targets to save RAM by eliminating the call stack. However, our system has a different goal that further demands two other compiling techniques to completely remove return opcodes, not merely return instructions.…”

Section: Related Workmentioning

confidence: 99%

Defeating return-oriented rootkits with " Return-Less " kernels

Wang

Jiang

et al. 2010

Proceedings of the 5th European Conference on Computer Systems

130

View full text Add to dashboard Cite

Targeting the operating system (OS) kernels, kernel rootkits pose a formidable threat to computer systems and their users. Recent efforts have made significant progress in blocking them from injecting malicious code into the OS kernel for execution. Unfortunately, they cannot block the emerging so-called return-oriented rootkits (RORs). Without the need of injecting their own malicious code, these rootkits can discover and chain together "return-oriented gadgets" (that consist of only legitimate kernel code) for rootkit computation.In this paper, we propose a compiler-based approach to defeat these return-oriented rootkits. Our approach recognizes the hallmark of return-oriented rootkits, i.e., the ret instruction, and accordingly aims to completely remove them in a running OS kernel. Specifically, one key technique named return indirection is to replace the return address in a stack frame into a return index and disallow a ROR from using their own return addresses to locate and assemble returnoriented gadgets. Further, to prevent legitimate instructions that happen to contain return opcodes from being misused, we also propose two other techniques, register allocation and peephole optimization, to avoid introducing them in the first place. We have developed a LLVM-based prototype and used it to generate a return-less FreeBSD kernel. Our evaluation results indicate that the proposed approach is generic, effective, and can be implemented on commodity hardware with a low performance overhead.

show abstract

Section: Related Workmentioning

confidence: 99%

Defeating return-oriented rootkits with " Return-Less " kernels

Wang

Jiang

et al. 2010

Proceedings of the 5th European Conference on Computer Systems

130

View full text Add to dashboard Cite

show abstract

“…However, apart from operating only on Ada programs, this work does not describe their implementation and does not provide any static or runtime results. Yang et al proposed and implemented a "lifting" transformation to move global variables into main's local scope [18]. However, lifting was designed to only work with their other "flattening" transformation that absorbs a function into its caller without making a new copy of the function for each call-site.…”

Section: Related Workmentioning

confidence: 99%

Source-to-Source Refactoring and Elimination of Global Variables in C Programs

Sankaranarayanan¹,

Kulkarni²

2013

JSEA

View full text Add to dashboard Cite

A global variable in C/C++ is one that is declared outside a function, and whose scope extends the lifetime of the entire program. Global variables cause problems for program dependability, maintainability, extensibility, verification, and thread-safety. However, global variables can also make coding more convenient and improve program performance. We have found the use of global variables to remain unabated and extensive in real-world software. In this paper we present a source-to-source refactoring tool to automatically detect and localize global variables in a program. We implement a compiler based transformation to find the best location to redefine each global variable as a local. For each global, our algorithm initializes the corresponding new local variable, passes it as an argument to necessary functions, and updates the source lines that used the global to now instead use the corresponding local or argument. We also characterize the use of global variables in standard benchmark programs. We study the effect of our transformation on static program properties, such as change in the number of function arguments and program state visibility. Additionally, we quantify dynamic program features, including memory and runtime performance, before and after our localizing transformation.

show abstract

“…5 If the malicious code has complete control over the data memory, techniques such as memory safety [6] and stack canaries cannot prevent the usage of ROP. However, we notice it could be prevented by Control Flow Integrity [1,8,32]. used to implement a rootkit.…”

Section: A Rootkit-based Attackmentioning

confidence: 99%

On the difficulty of software-based attestation of embedded devices

Castelluccia

Francillon

Perito

et al. 2009

Proceedings of the 16th ACM Conference on Computer and Communications Security

173

152

View full text Add to dashboard Cite

Device attestation is an essential feature in many security protocols and applications. The lack of dedicated hardware and the impossibility to physically access devices to be attested, makes attestation of embedded devices, in applications such as Wireless Sensor Networks, a prominent challenge. Several software-based attestation techniques have been proposed that either rely on tight time constraints or on the lack of free space to store malicious code. This paper investigates the shortcomings of existing software-based attestation techniques. We first present two generic attacks, one based on a return-oriented rootkit and the other on code compression. We further describe specific attacks on two existing proposals, namely SWATT and ICE-based schemes, and argue about the difficulty of fixing them. All attacks presented in this paper were implemented and validated on commodity sensors.

show abstract

Eliminating the call stack to save RAM

Cited by 11 publications

References 28 publications

Defeating return-oriented rootkits with " Return-Less " kernels

Defeating return-oriented rootkits with " Return-Less " kernels

Source-to-Source Refactoring and Elimination of Global Variables in C Programs

On the difficulty of software-based attestation of embedded devices

Contact Info

Product

Resources

About