UC Irvine

Software immunity through diversity is a promising research direction.

Address Space Layout Randomization has been widely deployed to defend against

code-reuse attacks and significantly raises the bar for attackers. However,

automated software diversity is still exploitable by adroit and adaptable

adversaries. Using powerful memory disclosure attacks, offensive researchers

have demonstrated weaknesses in conventional randomization techniques. In

addition, current defenses are largely passive and allow attackers to

continuously brute-force randomized defenses with little impediment.

Building on the foundation of automated software diversity, we propose novel

techniques to strengthen the security and broaden the impact of code

randomization. We first discuss software booby traps, a new active defense

technique enabled by randomized program contents. We then propose, implement,

and evaluate a comprehensive randomization-based system, Readactor++, which is

resilient to all types of memory disclosure attacks. Readactor++ enforces

execute-only memory protections on commodity x86 processors, thus preventing

direct disclosure of randomized code. We also identify the indirect disclosure

attack, a new class of code leakage via data disclosure, and mitigate this

attack as well. By integrating booby traps into our system, we protect against

brute-force memory disclosure attempts. In our evaluation we find that

Readactor++ compares favorably to other memory-disclosure resilient code-reuse

defenses and that it scales effectively to complex, real-world software.

Finally, we propose a novel extension of code randomization to mitigate

side-channel rather than code-reuse attacks. Using control-flow diversity, a

novel control-flow transformation, we introduce dynamic behavior into program

side effects with fast, static code. As an example, we apply this technique to

mitigate an AES cache side-channel attack.

With our techniques, software diversity can now be efficiently secured against

advanced attacks, including memory disclosure and function table reuse, and is

adaptable to combat new classes of threats, such as side-channel attacks.