HideM

Gionta, Jason; Enck, William; Ning, Peng

doi:10.1145/2699026.2699107

Cited by 60 publications

(6 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For data randomization specifically, this means the masks must be protected. In the case of static DSR, where all keys are embedded directly into the protected application's code, one could simply apply an execute-only memory mechanism to protect the keys against disclosure attacks [6,19,24].…”

Section: Challengesmentioning

confidence: 99%

“…The compiler generates masks for each data partition and embeds them directly in the binary code of the application [8,11], or stores them in a dedicated key cache [7]. In both cases, the masks can be protected from memory exploit-based disclosure, either by giving the binary code pages execute-only permissions [6,19,24], or by modifying the CPU such that the key cache can only be accessed through custom data access instructions [7].…”

mentioning

confidence: 99%

See 1 more Smart Citation

CoDaRR: Continuous Data Space Randomization against Data-Only Attacks

Rajasekaran

Crane²,

Gens

et al. 2020

Proceedings of the 15th ACM Asia Conference on Computer and Communications Security

View full text Add to dashboard Cite

The widespread deployment of exploit mitigations such as CFI and shadow stacks are making code-reuse attacks increasingly difficult. This has forced adversaries to consider data-only attacks against which the venerable ASLR remains the primary deployed defense. Data-Space Randomization (DSR) techniques raise the bar against data-only attacks by making it harder for adversaries to inject malicious data flows into vulnerable applications. DSR works by masking memory load and store instructions. Masks are chosen (i) to not interfere with intended data flows and (ii) such that masking likely interferes with unintended flows introduced by malicious program inputs. In this paper, we show two new attacks that bypass all existing static DSR approaches; one that directly discloses memory and another using speculative execution. We then present CoDaRR, the first dynamic DSR scheme resilient to disclosure attacks. CoDaRR continuously rerandomizes the masks used in loads and stores, and re-masks all memory objects to remain transparent w.r.t. program execution. Our evaluation confirms that CoDaRR successfully thwarts these attacks with limited run-time overhead in standard benchmarks as well as real-world applications.

show abstract

Section: Challengesmentioning

confidence: 99%

mentioning

confidence: 99%

CoDaRR: Continuous Data Space Randomization against Data-Only Attacks

Rajasekaran

Crane²,

Gens

et al. 2020

Proceedings of the 15th ACM Asia Conference on Computer and Communications Security

View full text Add to dashboard Cite

show abstract

“…State-of-the-art code disclosure defenses either focus on designing disclosure-resistant diversification techniques [34], [10] or emulating X⊕R semantics [9], [27], [42], [18], [30], [83], [91], [43], [64] to ensure code is executable but not readable. In either cases, such techniques mainly defend against read-based attacks, while leaving generic binaries vulnerable to execution-based attacks.…”

Section: Code Disclosure Defensesmentioning

confidence: 99%

“…In other words, CodeArmor's design probabilistically ensures that only "live" code pointers that can be leaked from data memory can be used (as-is) as individual gadgets by attackers, significantly reducing the attack surface. Unlike existing leakage-resistant code diversification techniques that provide similar security guarantees [43], [42], [27], [30], [83], [91], [64], [10], [9], [18], CodeArmor works entirely at the binary level without any need for source, special hardware support, or modifications to the underlying software stack (i.e., OS or hypervisor).…”

Section: Introductionmentioning

confidence: 99%

CodeArmor: Virtualizing the Code Space to Counter Disclosure Attacks

Chen

Bos

Giuffrida

2017

2017 IEEE European Symposium on Security and Privacy (EuroS&P)

View full text Add to dashboard Cite

General rightsCopyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights.• Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal Take down policyIf you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim.

show abstract

“…Apart from models that merely restrict an attacker's knowledge of the memory layout, some defenses impose additional properties on the memory. The principle of execute-only memory (XoM) [8], [23] allows for an additional access right, in contrast to the standard of execute access implying read access. Without the possibility of reading the code, an adversary has no way of determining the actual bytes used to implement a given functionality.…”

Section: B Information Hiding Defensesmentioning

confidence: 99%