Paper Info
Title
What You See is Not What You Get! Thwarting Just-in-Time ROP with Chameleon
Abstract
Address space randomization has long been used for counteracting code reuse attacks, ranging from conventional ROP to sophisticated Just-in-Time ROP. At the high level, it shuffles program code in memory and thus prevents malicious ROP payload from performing arbitrary operations. While effective in mitigating attacks, existing randomization mechanisms are impractical for real-world applications and systems, especially considering the significant performance overhead and potential program corruption incurred by their implementation. In this paper, we introduce CHAMELEON, a practical defense mechanism that hinders code reuse attacks, particularly Just-in-Time ROP attacks. Technically speaking, CHAMELEON instruments program code, randomly shuffles code page addresses and minimizes the attack surface exposed to adversaries. While this defense mechanism follows in the footprints of address space randomization, our design principle focuses on using randomization to obstruct code page disclosure, making the ensuing attacks infeasible. We implemented a prototype of CHAMELEON on Linux operating system and extensively experimented it in different settings. Our theoretical and empirical evaluation indicates the effectiveness and efficiency of CHAMELEON in thwarting Just-in-Time ROP attacks.
Year
DOI
Venue
2017
10.1109/DSN.2017.47
2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
Keywords
Field
DocType
Address space randomization,JIT-ROP,OS kernel,binary instrumentation
Address space,Program code,Attack surface,Computer security,Computer science,Real-time computing,Code reuse,Os kernel,Payload
Conference
ISSN
ISBN
Citations 
1530-0889
978-1-5386-0543-1
0
PageRank 
References 
Authors
0.34
39
7
Name
Order
Citations
PageRank
Ping Chen119713.22
Jun Xu26510.29
Zhisheng Hu373.86
Xinyu Xing437035.71
Minghui Zhu54412.11
Bing Mao6504.31
P. Liu737841.58