Systematic Analysis of Defenses against Return-Oriented Programming
Author(s)Skowyra, Richard; Casteel, Kelly; Okhravi, Hamed; Zeldovich, Nickolai; Streilein, William W.
MetadataShow full item record
Since the introduction of return-oriented programming, increasingly complex defenses and subtle attacks that bypass them have been proposed. Unfortunately the lack of a unifying threat model among code reuse security papers makes it difficult to evaluate the effectiveness of defenses, and answer critical questions about the interoperability, composability, and efficacy of existing defensive techniques. For example, what combination of defenses protect against every known avenue of code reuse? What is the smallest set of such defenses? In this work, we study the space of code reuse attacks by building a formal model of attacks and their requirements, and defenses and their assumptions. We use a SAT solver to perform scenario analysis on our model in two ways. First, we analyze the defense configurations of a real-world system. Second, we reason about hypothetical defense bypasses. We prove by construction that attack extensions implementing the hypothesized functionality are possible even if a ‘perfect’ version of the defense is implemented. Our approach can be used to formalize the process of threat model definition, analyze defense configurations, reason about composability and efficacy, and hypothesize about new attacks and defenses.
DepartmentLincoln Laboratory; Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory; Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Research in Attacks, Intrusions, and Defenses
Springer-Verlag Berlin Heidelberg
Skowyra, Richard, Kelly Casteel, Hamed Okhravi, Nickolai Zeldovich, and William Streilein. “Systematic Analysis of Defenses Against Return-Oriented Programming.” Berlin: Springer Verlag, (Lecture Notes in Computer Science ; volume 8145) (2013): 82–102.
Author's final manuscript