Systematic Analysis of Defenses against Return-Oriented Programming

Skowyra, Richard; Casteel, Kelly; Okhravi, Hamed; Zeldovich, Nickolai; Streilein, William

Author(s)

Skowyra, Richard; Casteel, Kelly; Okhravi, Hamed; Zeldovich, Nickolai; Streilein, William W.

DownloadZeldovich_Systematic analysis.pdf (222.9Kb)

OPEN_ACCESS_POLICY

Terms of use

Creative Commons Attribution-Noncommercial-Share Alike http://creativecommons.org/licenses/by-nc-sa/4.0/

Metadata

Show full item record

Abstract

Since the introduction of return-oriented programming, increasingly complex defenses and subtle attacks that bypass them have been proposed. Unfortunately the lack of a unifying threat model among code reuse security papers makes it difficult to evaluate the effectiveness of defenses, and answer critical questions about the interoperability, composability, and efficacy of existing defensive techniques. For example, what combination of defenses protect against every known avenue of code reuse? What is the smallest set of such defenses? In this work, we study the space of code reuse attacks by building a formal model of attacks and their requirements, and defenses and their assumptions. We use a SAT solver to perform scenario analysis on our model in two ways. First, we analyze the defense configurations of a real-world system. Second, we reason about hypothetical defense bypasses. We prove by construction that attack extensions implementing the hypothesized functionality are possible even if a ‘perfect’ version of the defense is implemented. Our approach can be used to formalize the process of threat model definition, analyze defense configurations, reason about composability and efficacy, and hypothesize about new attacks and defenses.

Date issued

2013

URI

http://hdl.handle.net/1721.1/91251

Department

Lincoln Laboratory; Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory; Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science

Journal

Research in Attacks, Intrusions, and Defenses

Publisher

Springer-Verlag Berlin Heidelberg

Citation

Skowyra, Richard, Kelly Casteel, Hamed Okhravi, Nickolai Zeldovich, and William Streilein. “Systematic Analysis of Defenses Against Return-Oriented Programming.” Berlin: Springer Verlag, (Lecture Notes in Computer Science ; volume 8145) (2013): 82–102.

Version: Author's final manuscript

ISBN

978-3-642-41283-7

978-3-642-41284-4

ISSN

0302-9743

1611-3349

Collections

MIT Open Access Articles

DSpace@MIT