| 000 | | 24960nam a22002537a 4500 |
|---|---|---|
| 008 | | 210830s2021 ||||f mb|| 00| 0 eng d |
| 040 | | _aEG-CaNU _cEG-CaNU |
| 041 | 0 | _aeng _beng |
| 082 | | _a658 |
| 100 | 0 | _aAyman Mohammed El-Desokey El-Zoghby _9570 |
| 245 | 1 | _aCODE REUSE ATTACKS MITIGATION : _bANALYSIS AND NEW HYBRID TECHNIQUE / _cAyman Mohammed El-Desokey El-Zoghby |
| 260 | | _c2021 |
| 300 | | _a101 p. _bill. _c21 cm. |
| 500 | | _aSupervisor: Marianne Azer |
| 502 | | _aThesis (M.A.)—Nile University, Egypt, 2021. |
| 504 | | _a"Includes bibliographical references" |
| 505 | 0 | _aContents: Chapter 1: Introduction, p. 1 -- 1.1 Research Motivation, p. 4 -- 1.2 Research Goals, p. 5 -- 1.3 Contribution, p. 5 -- 1.4 Publications, p. 5 -- 1.5 Outline, p. 6 -- Chapter 2: Memory Safety Issues and Attacks, p. 7 -- 2.1 Memory Safety Issues, p. 7 -- 2.1.1 Buffer Overflow (Spatial Memory Safety), p. 7 -- 2.1.2 Use-after-free (Temporal Memory Safety), p. 8 -- 2.1.3 Type Confusion, p. 8 -- 2.2 Memory Protection, p. 10 -- 2.3 Control-Flow Attacks, p. 10 -- 2.3.1 Control-Flow Attacks Foundation, p. 11 -- A) Code Injection Attacks, p. 12 -- B) Code-Reuse Attacks, p. 12 -- 2.4 Computer Memory Structure, p. 13 -- 2.4.1 Stack Frame, p. 13 -- 2.4.2 Function Epilogue and Function Prologue, p. 14 -- 2.5 Code Injection Attack and Mitigation Overview, p. 15 -- 2.5.1 Data Execution Prevention, p. 17 -- 2.5.2 Return-into-libc, p. 17 -- 2.5.3 Return-Oriented Programming, p. 20 -- 2.5.3.1 Gadget Creation, p. 21 -- 2.5.3.2 Real-World Exploits, p. 22 -- 2.5.4 Address Space Layout Randomization (ASLR), p. 24 -- 2.5.4.1 Address Space Layout Randomization (ASLR) Limitations, p. 26 -- 2.6 Control-Flow Integrity (CFI), p. 26 -- 2.6.1 CFI for Indirect Jumps, p. 28 -- 2.6.2 CFI for Indirect Calls, p. 29 -- 2.6.3 CFI for Function Returns, p. 30 -- 2.6. Summary, p. 33 -- Chapter 3: Evaluation and Analysis of Code-Reuse Attacks Mitigation Techniques, p. 35 -- 3.1 Mitigations Based on Control-Flow Integrity, p. 36 -- 3.1.1 The Original Control-Flow Integrity (CFI), p. 37 (3.1.1.1 Methodology, p. 37; 3.1.1.2 Advantages, p. 39; 3.1.1.3 Disadvantages, p. 39; 3.1.1.4 Implementation, p. 40) -- 3.1.2 Control Flow Integrity for COTS Binaries (Bin-CFI), p. 40 (3.1.2.1 Methodology, p. 40; 3.1.2.2 Advantages, p. 41; 3.1.2.3 Disadvantages, p. 42; 3.1.2.4 Implementation details, p. 42) -- 3.1.3 Practical CFI (per-Input CFI), p. 42 (3.1.3.1 Methodology, p. 42; 3.1.3.2 Advantages, p. 43; 3.1.3.3 Disadvantages, p. 43; 3.1.3.4 Implementation, p. 43) -- 3.1.4 Control-Flow Locking, p. 43 (3.1.4.1 Methodology, p. 43; 3.1.4.2 Advantages, p. 44; 3.1.4.3 Disadvantages, p. 44; 3.1.4.4 Implementation, p. 44) -- 3.1.5 Compact Control Flow Integrity and Randomization (CCFIR), p. 45 (3.1.5.1 Methodology, p. 45; 3.1.5.2 Advantages, p. 46; 3.1.5.3 Disadvantages, p. 46; 3.1.5.4 Implementation, p. 46) -- 3.1.6 Multi Architecture Binary Rewrite, p. 46 (3.1.6.1 Methodology, p. 47; 3.1.6.2 Advantages, p. 47; 3.1.6.3 Disadvantages, p. 47; 3.1.6.4 Implementation, p. 47) -- 3.1.7 Code Pointer Integrity, p. 48 (3.1.7.1 Methodology, p. 48; 3.1.7.2 Advantages, p. 48; 3.1.7.3 Disadvantages, p. 48; 3.1.7.4 Implementation, p. 49) -- 3.2 Mitigations Based on Instruction Rewriting, p. 49 -- 3.2.1 In Place Randomization, p. 49 (3.2.1.1 Methodology, p. 49; 3.2.1.2 Advantages, p. 50; 3.2.1.3 Disadvantages, p. 50; 3.2.1.4 Implementation, p. 50) -- 3.2.2 NORAX, p. 51 (3.2.2.1 Methodology, p. 51; 3.2.2.2 Advantages, p. 51; 3.2.2.3 Disadvantages, p. 51; 3.2.2.4 Implementation, p. 52) -- 3.2.3 Return-less Kernels, p. 52 (3.2.3.1 Methodology, p. 52; 3.2.3.2 Advantages, p. 52; 3.2.3.3 Disadvantages, p. 53; 3.2.3.4 Implementation, p. 53) -- 3.3 Mitigations Based on Instruction Monitoring, p. 53 -- 3.3.1 ROPDefender, p. 53 (3.3.1.1 Methodology, p. 53; 3.3.1.2 Advantages, p. 54; 3.3.1.3 Disadvantages, p. 54; 3.3.1.4 Implementation, p. 54) -- 3.3.2 kBouncer, p. 55 (3.3.2.1 Methodology, p. 55; 3.3.2.2 Advantages, p. 56; 3.3.2.3 Disadvantages, p. 56; 3.3.2.4 Implementation, p. 56) -- 3.3.3 ROPecker, p. 57 (3.3.3.1 Methodology, p. 57; 3.3.3.2 Advantages, p. 57; 3.3.3.3 Disadvantages, p. 58; 3.3.3.4 Implementation, p. 58) -- 3.3.4 ROPGuard, p. 58 (3.3.4.1 Methodology, p. 58; 3.3.4.2 Advantages, p. 59; 3.3.4.3 Disadvantages, p. 59; 3.3.4.4 Implementation details, p. 59) -- 3.3.5 Detecting Return-Oriented Programming Malicious Code (DROP), p. 60 (3.3.5.1 Methodology, p. 60; 3.3.5.2 Advantages, p. 60; 3.3.5.3 Disadvantages, p. 61; 3.3.5.4 Implementation details, p. 61) -- 3.3.6 Zero-sum Defender, p. 61 (3.3.6.1 Methodology, p. 61; 3.3.6.2 Advantages, p. 61; 3.3.6.3 Disadvantages, p. 62; 3.3.6.4 Implementation details, p. 62) -- 3.4 Mitigations Based on Memory Randomization, p. 62 -- 3.4.1 Binary Stirring, p. 62 (3.4.1.1 Methodology, p. 62; 3.4.1.2 Advantages, p. 63; 3.4.1.3 Disadvantages, p. 63; 3.4.1.4 Implementation details, p. 63) -- 3.4.2 KAISER, p. 64 (3.4.2.1 Methodology, p. 64; 3.4.2.2 Advantages, p. 64; 3.4.2.3 Disadvantages, p. 65; 3.4.2.4 Implementation details, p. 65) -- 3.4.3 Marlin, p. 65 (3.4.3.1 Methodology, p. 65; 3.4.3.2 Advantages, p. 65; 3.4.3.3 Disadvantages, p. 66; 3.4.3.4 Implementation details, p. 66) -- 3.4.4 Instruction Location Randomization, p. 66 (3.4.4.1 Methodology, p. 66; 3.4.4.2 Advantages, p. 67; 3.4.4.3 Disadvantages, p. 67; 3.4.4.4 Implementation details, p. 67) -- 3.5 Mitigations Based on Input Scanning, p. 68 -- 3.5.1 ROPScan, p. 68 (3.5.1.1 Methodology, p. 68; 3.5.1.2 Advantages, p. 69; 3.5.1.3 Disadvantages, p. 69; 3.5.1.4 Implementation details, p. 69) -- 3.6 Comparison of Code-Reuse Mitigations, p. 69 -- 3.6.1 Impact on Performance, p. 70 -- 3.6.2 Universality and Completeness, p. 70 -- 3.6.3 Effectiveness, p. 71 -- 3.7. Summary, p. 75 -- Chapter 4: Hybrid Code-Reuse Protection System, p. 77 -- 4.1 Ghent University Multi-Variant Execution Environment (GHUMVEE) System Overview, p. 77 -- 4.1.1 GHUMVEE Operation Methodology, p. 79 -- 4.1.2 GHUMVEE as a ROP Defense, p. 83 -- 4.1.3 GHUMVEE Evaluation as a Code-Reuse Mitigation Technique, p. 83 -- 4.1.4 Relaxed-Monitoring (ReMon) System, p. 84 -- 4.2 Gadget-Free Binaries (G-Free), p. 85 -- 4.2.1 G-Free Technique Overview, p. 85 -- 4.2.1 G-Free Technique Evaluation, p. 87 -- 4.3 A Proposed Hybrid System to Mitigate Code-Reuse Attacks using G-Free and GHUMVEE (NG-MVEE), p. 87 -- 4.4 Experiment Setup and Results, p. 89 -- 4.5 Hybrid System Evaluation, p. 93 -- Chapter 5: Conclusions and Future Work, p. 95 -- 5.1 Future Work, p. 95 -- References |
| 520 | 3 | _aAbstract: Code-Reuse Attacks (CRA) are established attack mechanisms employed to bypass advanced software-based and hardware-based defenses. The prevalence of software vulnerabilities and weak memory-protection practices allows attackers to corrupt the memory space of vulnerable applications and run arbitrary malicious code. More than twenty code-reuse mitigation techniques have been evaluated, analyzed, and compared. The comparison aims to point out both the added value of these defenses and their shortcomings. Each code-reuse defense mechanism has scope limitations and restrictive prerequisites, which eventually allow attackers to bypass the suggested defenses. Our research aim is to explore the possibility of aggregating different defenses to provide enhanced protection against code-reuse attacks. A novel mitigation framework is proposed in our research: a hybrid mechanism combining two different mitigation techniques. The first technique, called Gadget Free (G-Free), focuses on removing malicious code snippets (i.e., gadgets) from system libraries and binary code at compile time. The second technique adopts the Moving Target Defense (MTD) protection concept and is called Ghent University Multi-Variant Execution Environment (GHUMVEE). GHUMVEE provides run-time and compile-time protection against code-reuse attacks by monitoring the execution of multiple variants of the same program and observing whether a program instance is misbehaving because of a successful exploitation. |
| 546 | | _aText in English, abstracts in English. |
| 650 | 4 | _aInformation Security _9294 |
| 655 | 7 | _2NULIB _aDissertation, Academic _9187 |
| 690 | | _aInformation Security _9294 |
| 942 | | _2ddc _cTH |
| 999 | | _c9076 _d9076 |