
Mitigating ROP Attacks via ARM-Specific In-Place Instruction Randomization

Bibliographic Details
Published in: China Communications 2016-09, Vol. 13 (9), pp. 208-226
Main Authors: Liang, Yu; Peng, Guojun; Luo, Yuan; Zhang, Huanguo
Format: Article
Language: English
Description
Summary: Defending against return-oriented programming (ROP) attacks is extremely challenging for modern operating systems. As the most popular mobile OS running on ARM, Android is even more exposed to ROP attacks because of its weak ASLR implementation and the absence of effective control-flow integrity enforcement. This paper proposes an instruction randomization strategy that leverages specific ARM features to mitigate ROP attacks on Android, even under the threat of a single pointer-leak vulnerability. By popping additional registers in functions' epilogue instructions and reallocating registers within function scopes, the branch targets of all (direct and indirect) branch instructions that could serve as ROP gadgets are changed randomly. Without knowledge of the binaries' runtime instruction layout, the adversary's repeated control-flow transfers in a ROP exploit are subverted. The instruction randomization has been implemented in both the Android Dalvik runtime and ART. Evaluations show that it introduces enough randomness for more than 99% of discovered functions and thwarts about 95% of ROP gadgets in applications' shared libraries and in OAT files compiled from Dalvik bytecode. Evaluations on real-world exploits also confirm its effectiveness at mitigating ROP attacks with acceptable performance overhead.
ISSN: 1673-5447
DOI: 10.1109/CC.2016.7582313
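The summary above names two transformations, popping extra registers in epilogues and reallocating registers within a function, and claims they defeat a ROP chain even when the attacker knows gadget addresses. The following C program is an added illustration of why that holds; it is not code from the paper. It models each ARM epilogue gadget as a `pop {<reglist>, pc}` at a fixed address and runs the same attacker-controlled stack against the gadgets before and after each transformation. The gadget addresses (0x1000, 0x2000), the target address 0xF000, the register lists and the chain contents are all assumed for the example; a real chain and real epilogues will differ, but the mechanism is the same.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration (not the paper's code): a toy model of ARM epilogue
 * gadgets, "pop {<reglist>, pc}", executed against an attacker-controlled
 * stack. Every address and register list below is assumed for the example. */

#define NREGS      16       /* r0..r15; r15 is pc */
#define PC         15
#define TARGET     0xF000u  /* assumed address of the function the chain wants to reach */
#define R(n)       (1u << (n))

typedef struct {
    uint32_t addr;      /* gadget address, assumed known to the attacker via a pointer leak */
    uint16_t reglist;   /* registers popped before pc (bit n == rN) */
} gadget_t;

typedef struct {
    int      reached_target;
    uint32_t r4, r5;    /* registers the chain tries to load */
    int      steps;     /* gadgets executed before the chain ended */
} outcome_t;

/* Attacker's chain (constructed), laid out for the ORIGINAL gadgets:
 *   0x1000: pop {r4, pc}   -> r4 = 0x41, pc = 0x2000
 *   0x2000: pop {r5, pc}   -> r5 = 0x42, pc = TARGET */
static const uint32_t chain[] = { 0x41, 0x2000, 0x42, TARGET };

static const gadget_t original_gadgets[] = {
    { 0x1000, R(4) },
    { 0x2000, R(5) },
};
/* Transformation 1: extra callee-saved registers popped in the epilogue,
 * in place (an A32 LDM/POP is one 32-bit word whatever the register count),
 * so gadget addresses do not move but each gadget eats more stack slots. */
static const gadget_t extra_pop_gadgets[] = {
    { 0x1000, R(4) | R(6) },
    { 0x2000, R(5) | R(7) },
};
/* Transformation 2: registers reallocated inside the function, so the
 * epilogue now restores r6/r7 where it used to restore r4/r5. */
static const gadget_t realloc_gadgets[] = {
    { 0x1000, R(6) },
    { 0x2000, R(7) },
};

static const gadget_t *lookup(const gadget_t *gs, int n, uint32_t pc)
{
    for (int i = 0; i < n; i++)
        if (gs[i].addr == pc) return &gs[i];
    return NULL;
}

/* Run the chain: pc starts at the first gadget (the overwritten return
 * address) with sp pointing at chain[0]. Each gadget pops its register list
 * in ascending order and then pc (LDM semantics). Execution stops when pc
 * leaves the gadget set (target reached, or derailed) or the stack runs out. */
outcome_t run_attack(const gadget_t *gs, int n)
{
    uint32_t regs[NREGS] = {0};
    const int depth = (int)(sizeof chain / sizeof chain[0]);
    int sp = 0, steps = 0;
    outcome_t out = {0};

    regs[PC] = gs[0].addr;
    for (;;) {
        const gadget_t *g = lookup(gs, n, regs[PC]);
        if (!g) break;                      /* pc is not a gadget: target or garbage */
        int ok = 1;
        for (int r = 0; r < PC; r++) {
            if (!(g->reglist & R(r))) continue;
            if (sp >= depth) { ok = 0; break; }
            regs[r] = chain[sp++];
        }
        if (!ok || sp >= depth) break;      /* stack exhausted mid-gadget */
        regs[PC] = chain[sp++];
        steps++;
    }
    out.reached_target = (regs[PC] == TARGET);
    out.r4 = regs[4];
    out.r5 = regs[5];
    out.steps = steps;
    return out;
}

/* 1 if the chain reached TARGET with the register state it intended. */
int attack_succeeds(const gadget_t *gs, int n)
{
    outcome_t o = run_attack(gs, n);
    return o.reached_target && o.r4 == 0x41 && o.r5 == 0x42;
}

int main(void)
{
    const char *names[] = { "original", "extra pops", "reallocated regs" };
    const gadget_t *sets[] = { original_gadgets, extra_pop_gadgets, realloc_gadgets };
    for (int i = 0; i < 3; i++) {
        outcome_t o = run_attack(sets[i], 2);
        printf("%-18s steps=%d reached_target=%d r4=0x%x r5=0x%x -> %s\n",
               names[i], o.steps, o.reached_target, o.r4, o.r5,
               attack_succeeds(sets[i], 2) ? "exploit works" : "exploit fails");
    }
    return 0;
}
```

The two failure modes are different, which is the point of combining the transformations: with extra pops the first gadget consumes the slot that held the second gadget's address, so pc lands on the data word 0x42 and the chain derails after one step; with reallocated registers the chain runs to completion and reaches the target, but r4 and r5 were never written, so the call happens with the wrong arguments. In both cases the attacker's leaked addresses were still correct, matching the single-pointer-leak threat model in the summary. The model ignores Thumb encodings, where adding high registers to a 16-bit `pop` would change instruction size, and it ignores non-epilogue gadgets; the paper's measured coverage (about 95% of gadgets) is what bounds the defence in practice.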