CODE REUSE ATTACKS MITIGATION : (Record no. 9076)
| 000 - LEADER | |
|---|---|
| fixed length control field | 24960nam a22002537a 4500 |
| 008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION | |
| fixed length control field | 210830s2021 ||||f mb|| 00| 0 eng d |
| 040 ## - CATALOGING SOURCE | |
| Original cataloging agency | EG-CaNU |
| Transcribing agency | EG-CaNU |
| 041 0# - Language Code | |
| Language code of text | eng |
| Language code of abstract | eng |
| 082 ## - DEWEY DECIMAL CLASSIFICATION NUMBER | |
| Classification number | 658 |
| 100 0# - MAIN ENTRY--PERSONAL NAME | |
| Personal name | Ayman Mohammed El-Desokey El-Zoghby |
| 245 1# - TITLE STATEMENT | |
| Title | CODE REUSE ATTACKS MITIGATION : |
| Remainder of title | ANALYSIS AND NEW HYBRID TECHNIQUE / |
| Statement of responsibility, etc. | Ayman Mohammed El-Desokey El-Zoghby |
| 260 ## - PUBLICATION, DISTRIBUTION, ETC. | |
| Date of publication, distribution, etc. | 2021 |
| 300 ## - PHYSICAL DESCRIPTION | |
| Extent | 101 p. |
| Other physical details | ill. |
| Dimensions | 21 cm. |
| 500 ## - GENERAL NOTE | |
| General note | Supervisor: Marianne Azer |
| 502 ## - Dissertation Note | |
| Dissertation type | Thesis (M.A.)—Nile University, Egypt, 2021. |
| 504 ## - Bibliography | |
| Bibliography | "Includes bibliographical references" |
| 505 0# - Contents | |
| Formatted contents note | Chapter 1: Introduction ... 1<br/>1.1 Research Motivation ... 4<br/>1.2 Research Goals ... 5<br/>1.3 Contribution ... 5<br/>1.4 Publications ... 5<br/>1.5 Outline ... 6<br/>Chapter 2: Memory Safety Issues and Attacks ... 7<br/>2.1 Memory Safety Issues ... 7<br/>2.1.1 Buffer Overflow (Spatial Memory Safety) ... 7<br/>2.1.2 Use-after-free (Temporal Memory Safety) ... 8<br/>2.1.3 Type Confusion ... 8<br/>2.2 Memory Protection ... 10<br/>2.3 Control-Flow Attacks ... 10<br/>2.3.1 Control-Flow Attacks Foundation ... 11<br/>A) Code Injection Attacks ... 12<br/>B) Code-Reuse Attacks ... 12<br/>2.4 Computer Memory Structure ... 13<br/>2.4.1 Stack Frame ... 13<br/>2.4.2 Function Epilogue and Function Prologue ... 14<br/>2.5 Code Injection Attack and Mitigation Overview ... 15<br/>2.5.1 Data Execution Prevention ... 17<br/>2.5.2 Return-into-libc ... 17<br/>2.5.3 Return-Oriented Programming ... 20<br/>2.5.3.1 Gadget Creation ... 21<br/>2.5.3.2 Real-World Exploits ... 22<br/>2.5.4 Address Space Layout Randomization (ASLR) ... 24<br/>2.5.4.1 Address Space Layout Randomization (ASLR) Limitations ... 26<br/>2.6 Control-Flow Integrity (CFI) ... 26<br/>2.6.1 CFI for Indirect Jumps ... 28<br/>2.6.2 CFI for Indirect Calls ... 29<br/>2.6.3 CFI for Function Returns ... 30<br/>2.6 Summary ... 33<br/>Chapter 3: Evaluation and Analysis of Code-Reuse Attacks Mitigation Techniques ... 35<br/>3.1 Mitigations Based on Control-Flow Integrity ... 36<br/>3.1.1 The Original Control-Flow Integrity (CFI) ... 37<br/>3.1.1.1 Technique Methodology ... 37<br/>3.1.1.2 Technique Advantages ... 39<br/>3.1.1.3 Technique Disadvantages ... 39<br/>3.1.1.4 Technique Implementation ... 40<br/>3.1.2 Control Flow Integrity for COTS Binaries (Bin-CFI) ... 40<br/>3.1.2.1 Technique Methodology ... 40<br/>3.1.2.2 Technique Advantages ... 41<br/>3.1.2.3 Technique Disadvantages ... 42<br/>3.1.2.4 Technique Implementation Details ... 42<br/>3.1.3 Practical CFI (per-Input CFI) ... 42<br/>3.1.3.1 Technique Methodology ... 42<br/>3.1.3.2 Technique Advantages ... 43<br/>3.1.3.3 Technique Disadvantages ... 43<br/>3.1.3.4 Technique Implementation ... 43<br/>3.1.4 Control-Flow Locking ... 43<br/>3.1.4.1 Technique Methodology ... 43<br/>3.1.4.2 Technique Advantages ... 44<br/>3.1.4.3 Technique Disadvantages ... 44<br/>3.1.4.4 Technique Implementation ... 44<br/>3.1.5 Compact Control Flow Integrity and Randomization (CCFIR) ... 45<br/>3.1.5.1 Technique Methodology ... 45<br/>3.1.5.2 Technique Advantages ... 46<br/>3.1.5.3 Technique Disadvantages ... 46<br/>3.1.5.4 Technique Implementation ... 46<br/>3.1.6 Multi Architecture Binary Rewrite ... 46<br/>3.1.6.1 Technique Methodology ... 47<br/>3.1.6.2 Technique Advantages ... 47<br/>3.1.6.3 Technique Disadvantages ... 47<br/>3.1.6.4 Technique Implementation ... 47<br/>3.1.7 Code Pointer Integrity ... 48<br/>3.1.7.1 Technique Methodology ... 48<br/>3.1.7.2 Technique Advantages ... 48<br/>3.1.7.3 Technique Disadvantages ... 48<br/>3.1.7.4 Technique Implementation ... 49<br/>3.2 Mitigations Based on Instruction Rewriting ... 49<br/>3.2.1 In Place Randomization ... 49<br/>3.2.1.1 Technique Methodology ... 49<br/>3.2.1.2 Technique Advantages ... 50<br/>3.2.1.3 Technique Disadvantages ... 50<br/>3.2.1.4 Technique Implementation ... 50<br/>3.2.2 NORAX ... 51<br/>3.2.2.1 Technique Methodology ... 51<br/>3.2.2.2 Technique Advantages ... 51<br/>3.2.2.3 Technique Disadvantages ... 51<br/>3.2.2.4 Technique Implementation ... 52<br/>3.2.3 Return-less Kernels ... 52<br/>3.2.3.1 Technique Methodology ... 52<br/>3.2.3.2 Technique Advantages ... 52<br/>3.2.3.3 Technique Disadvantages ... 53<br/>3.2.3.4 Technique Implementation ... 53<br/>3.3 Mitigations Based on Instruction Monitoring ... 53<br/>3.3.1 ROPDefender ... 53<br/>3.3.1.1 Technique Methodology ... 53<br/>3.3.1.2 Technique Advantages ... 54<br/>3.3.1.3 Technique Disadvantages ... 54<br/>3.3.1.4 Technique Implementation ... 54<br/>3.3.2 kBouncer ... 55<br/>3.3.2.1 Technique Methodology ... 55<br/>3.3.2.2 Technique Advantages ... 56<br/>3.3.2.3 Technique Disadvantages ... 56<br/>3.3.2.4 Technique Implementation ... 56<br/>3.3.3 ROPecker ... 57<br/>3.3.3.1 Technique Methodology ... 57<br/>3.3.3.2 Technique Advantages ... 57<br/>3.3.3.3 Technique Disadvantages ... 58<br/>3.3.3.4 Technique Implementation ... 58<br/>3.3.4 ROPGuard ... 58<br/>3.3.4.1 Technique Methodology ... 58<br/>3.3.4.2 Technique Advantages ... 59<br/>3.3.4.3 Technique Disadvantages ... 59<br/>3.3.4.4 Technique Implementation Details ... 59<br/>3.3.5 Detecting Return-Oriented Programming Malicious Code (DROP) ... 60<br/>3.3.5.1 Technique Methodology ... 60<br/>3.3.5.2 Technique Advantages ... 60<br/>3.3.5.3 Technique Disadvantages ... 61<br/>3.3.5.4 Technique Implementation Details ... 61<br/>3.3.6 Zero-sum Defender ... 61<br/>3.3.6.1 Technique Methodology ... 61<br/>3.3.6.2 Technique Advantages ... 61<br/>3.3.6.3 Technique Disadvantages ... 62<br/>3.3.6.4 Technique Implementation Details ... 62<br/>3.4 Mitigations Based on Memory Randomization ... 62<br/>3.4.1 Binary Stirring ... 62<br/>3.4.1.1 Technique Methodology ... 62<br/>3.4.1.2 Technique Advantages ... 63<br/>3.4.1.3 Technique Disadvantages ... 63<br/>3.4.1.4 Technique Implementation Details ... 63<br/>3.4.2 KAISER ... 64<br/>3.4.2.1 Technique Methodology ... 64<br/>3.4.2.2 Technique Advantages ... 64<br/>3.4.2.3 Technique Disadvantages ... 65<br/>3.4.2.4 Technique Implementation Details ... 65<br/>3.4.3 Marlin ... 65<br/>3.4.3.1 Technique Methodology ... 65<br/>3.4.3.2 Technique Advantages ... 65<br/>3.4.3.3 Technique Disadvantages ... 66<br/>3.4.3.4 Technique Implementation Details ... 66<br/>3.4.4 Instruction Location Randomization ... 66<br/>3.4.4.1 Technique Methodology ... 66<br/>3.4.4.2 Technique Advantages ... 67<br/>3.4.4.3 Technique Disadvantages ... 67<br/>3.4.4.4 Technique Implementation Details ... 67<br/>3.5 Mitigations Based on Input Scanning ... 68<br/>3.5.1 ROPScan ... 68<br/>3.5.1.1 Technique Methodology ... 68<br/>3.5.1.2 Technique Advantages ... 69<br/>3.5.1.3 Technique Disadvantages ... 69<br/>3.5.1.4 Technique Implementation Details ... 69<br/>3.6 Comparison of Code-Reuse Mitigations ... 69<br/>3.6.1 Impact on Performance ... 70<br/>3.6.2 Universality and Completeness ... 70<br/>3.6.3 Effectiveness ... 71<br/>3.7 Summary ... 75<br/>Chapter 4: Hybrid Code-Reuse Protection System ... 77<br/>4.1 Ghent University Multi-Variant Execution Environment (GHUMVEE) System Overview ... 77<br/>4.1.1 GHUMVEE Operation Methodology ... 79<br/>4.1.2 GHUMVEE as a ROP Defense ... 83<br/>4.1.3 GHUMVEE Evaluation as a Code-Reuse Mitigation Technique ... 83<br/>4.1.4 Relaxed-Monitoring (ReMon) System ... 84<br/>4.2 Gadget-Free Binaries (G-Free) ... 85<br/>4.2.1 G-Free Technique Overview ... 85<br/>4.2.1 G-Free Technique Evaluation ... 87<br/>4.3 A Proposed Hybrid System to Mitigate Code-Reuse Attacks Using G-Free and GHUMVEE (NG-MVEE) ... 87<br/>4.4 Experiment Setup and Results ... 89<br/>4.5 Hybrid System Evaluation ... 93<br/>Chapter 5: Conclusions and Future Work ... 95<br/>5.1 Future Work ... 95<br/>References |
| 520 3# - Abstract | |
| Abstract | Code-Reuse Attacks (CRA) are established attack mechanisms employed to bypass advanced software-based and hardware-based defenses. The prevalence of software vulnerabilities and weak memory protection practices allow attackers to corrupt the memory space of vulnerable applications and run arbitrary malicious code. More than twenty code-reuse mitigation techniques have been evaluated, analyzed, and compared. The comparison aims to point out both the added value of these defenses and their shortcomings. Each code-reuse defense mechanism has scope limitations and restrictive prerequisites, which eventually allow attackers to bypass the suggested defenses.<br/>Our research aims to explore the possibility of aggregating different defenses to provide enhanced protection against code-reuse attacks. A novel mitigation framework is proposed: a hybrid mechanism combining two different mitigation techniques. The first technique, Gadget-Free (G-Free), focuses on removing malicious code snippets (i.e., gadgets) from system libraries and binary code at compile time. The second technique adopts the Moving Target Defense (MTD) protection concept and is called the Ghent University Multi-Variant Execution Environment (GHUMVEE). GHUMVEE provides run-time and compile-time protection against code-reuse attacks by monitoring the execution of multiple variants of the same program and observing whether a program instance is misbehaving because of a successful exploitation. |
| 546 ## - Language Note | |
| Language Note | Text in English, abstracts in English. |
| 650 #4 - Subject | |
| Subject | Information Security |
| 655 #7 - Index Term-Genre/Form | |
| Source of term | NULIB |
| focus term | Dissertation, Academic |
| 690 ## - Subject | |
| School | Information Security |
| 942 ## - ADDED ENTRY ELEMENTS (KOHA) | |
| Source of classification or shelving scheme | Dewey Decimal Classification |
| Koha item type | Thesis |
| Withdrawn status | Lost status | Source of classification or shelving scheme | Damaged status | Not for loan | Home library | Current library | Date acquired | Total Checkouts | Full call number | Date last seen | Price effective from | Koha item type |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| | | Dewey Decimal Classification | | | Main library | Main library | 08/30/2021 | | 658 / A.Z.C / 2021 | 08/30/2021 | 08/30/2021 | Thesis |