ROP Defense in the Cloud through LIve Text Page-level Re-ordering - The LITPR System

Angelo Sapello, C. Jason Chiang, Jesse Elwell, Abhrajit Ghosh, Ayumu Kubota, Takashi Matsunaka

2017

Abstract

As cloud computing environments move towards securing against simplistic threats, adversaries are moving towards more sophisticated attacks such as ROP (Return Oriented Programming). In this paper we propose the LIve Text Page-level Re-ordering (LITPR) system for prevention of ROP style attacks and in particular the largely unaddressed Blind ROP attacks on applications running on cloud servers. ROP and BROP, respectively, bypass protections such as DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) that are offered by the Linux operating system and can be used to perform arbitrary malicious actions against it. LITPR periodically randomizes the in-memory locations of application and kernel code, at run time, to ensure that both ROP and BROP style attacks are unable to succeed. This is a dramatic change relative to ASLR which is a load time randomization technique.

References

  1. Abadi, M., Budiu, M., Erlingsson, U., and Ligatti, J. (2009). Control-flow integrity - principles, implementations, and applications. In ACM Transactions on Information and System Security, volume 13.
  2. Bittau, A., Belay, A., Mashtizadeh, A., Mazieres, D., and Boneh, D. (2014). Hacking blind. In Proceedings of the IEEE S&P conference, Oakland, CA, USA.
  3. Bosman, E., Razavi, K., Bos, H., and Giuffrida, C. (2016). Dedup est machina: Memory deduplication as an advanced exploitation vector. In Proceedings of IEEE Symposium on Security and Privacy, San Jose, CA, USA.
  4. Buchanan, E., Roemer, R., Schacham, H., and Savage, S. (2008). When good instructions go bad: generalizing return-oriented programming to risc. In Proceedings of the 15th ACM conference on Computer and communications security, pages 27-38, New York, NY, USA.
  5. Checkoway, S., Davi, L., Dmitrienko, A., Sadeghi, A.-R., Schacham, H., and Winandy, M. (2010). Returnoriented programming without returns. In ACM Conference on Computer and Communication Security 2010, pages 559 - 572.
  6. Evtyushkin, D., Ponomarev, D., and Abu-Ghazaleh, N. (2016). Jump over aslr: Attacking branch predictors to bypass aslr. In Proceedings of IEEE Symposium on Microarchitecture, Taipei, Taiwan.
  7. Giuffrida, C., Kuijsten, A., and Tanenbaum, A. S. (2012). Enhanced operating system security through efficient and fine-grained address space randomization. In Proceedings of USENIX Security Symposium, Bellevue, WA, USA.
  8. Gras, B., Razavi, K., Bosman, E., Bos, H., and Giuffrida, C. (2017). Aslr on the line: Practical cache attacks on the mmu. In Proceedings of the Network and Distributed System Security Symposium, San Diego, CA, USA.
  9. Hund, R., Willems, C., and Holz, T. (2013). Practical timing side channel attacks against kernel space aslr. In Proceedings of IEEE Symposium on Security and Privacy, San Francisco, CA, USA.
  10. Jones, D. (2016 (accessed Nov. 18, 2016)). Trinity System Call Fuzzer. https://github.com/ kernelslacker/trinity.
  11. Onarlioglu, K., Bilge, L., Lanzi, A., Balzarotti, D., and Kirda, E. (2010). G-free: defeating return-oriented programming through gadget-less binaries. In Proceedings of the 26th Annual Computer Security Applications Conference, Austin, Texas, USA.
  12. Roemer, R., Buchanan, E., Schacham, H., and Savage, S. (2012). Return-oriented programming: systems, languages, and applications. In ACM Transactions on Information and System Security, volume 15.
  13. Salwan, J. (2016 (accessed Dec. 12, 2016)). ROPgadget. https://github.com/JonathanSalwan/ ROPgadget.
  14. Schacham, H. (2007). The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In ACM Conference on Computer and Communications Security 2007, pages 552 - 561.
  15. Team, P. (2016 (accessed Nov. 18, 2016)). PaX address space layout randomization (ASLR). http://pax. grsecurity.net/docs/aslr.txt.
  16. Wang, Z. and Jiang, X. (2010). Hypersafe: A lightweight approach to provide lifetime hypervisor control-flow integrity. In Proceedings of the 2010 IEEE Symposium on Security and Privacy.
Download


Paper Citation


in Harvard Style

Sapello A., Chiang C., Elwell J., Ghosh A., Kubota A. and Matsunaka T. (2017). ROP Defense in the Cloud through LIve Text Page-level Re-ordering - The LITPR System . In Proceedings of the 7th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-758-243-1, pages 219-228. DOI: 10.5220/0006305402190228


in Bibtex Style

@conference{closer17,
author={Angelo Sapello and C. Jason Chiang and Jesse Elwell and Abhrajit Ghosh and Ayumu Kubota and Takashi Matsunaka},
title={ROP Defense in the Cloud through LIve Text Page-level Re-ordering - The LITPR System},
booktitle={Proceedings of the 7th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,},
year={2017},
pages={219-228},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006305402190228},
isbn={978-989-758-243-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 7th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,
TI - ROP Defense in the Cloud through LIve Text Page-level Re-ordering - The LITPR System
SN - 978-989-758-243-1
AU - Sapello A.
AU - Chiang C.
AU - Elwell J.
AU - Ghosh A.
AU - Kubota A.
AU - Matsunaka T.
PY - 2017
SP - 219
EP - 228
DO - 10.5220/0006305402190228