Mitigating ROP Attacks via ARM-Specific In-Place Instruction Randomization
Author affiliations: Key Laboratory of Aerospace Information Security and Trust Computing of Ministry of Education, Wuhan 430079, China; Computer School of Wuhan University, Wuhan 430079, China
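Publication: China Communications (中国通信, English edition)
Year/Volume/Issue: 2016, Vol. 13, No. 9
Pages: 208-226
Core indexing:
Subject classification: 0810 [Engineering - Information and Communication Engineering]; 0839 [Engineering - Cyberspace Security]; 08 [Engineering]; 081001 [Engineering - Communication and Information Systems]; 081201 [Engineering - Computer System Architecture]; 0812 [Engineering - Computer Science and Technology (degrees may be awarded in engineering or science)]
Funding: supported by the National Natural Science Foundation of China (Grant No. 61202387, 61332019 and 61373168) and the National Basic Research Program of China ("973" Program) (Grant No. 2014CB340600)
Keywords: software security; ROP mitigation; instruction randomization; ARM architecture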
Abstract: Defending against return-oriented programming (ROP) attacks is extremely challenging for modern operating *** the most popular mobile OS running on ARM, Android is even more vulnerable to ROP attacks due to its weak implementation of ASLR and the absence of effective control-flow integrity *** this paper, leveraging specific ARM features, an instruction randomization strategy to mitigate ROP attacks in Android even with the threat of single pointer leakage vulnerabilities is *** popping out more registers in function epilogue instructions and reallocating registers in function scopes, branch targets in all (direct and indirect) branch instructions potential to be ROP gadgets are changed *** the knowledge of binaries' runtime instructions layout, adversary's repeated control flow transfer in ROP exploits will be ***, this instruction randomization idea has been implemented in both Android Dalvik runtime and *** evaluations proved it is capable to introduce enough randomness for more than 99% discovered functions and thwart about 95% ROP gadgets in application's shared libraries and oat file compiled from Dalvik ***, evaluations on real-world exploits also confirmed its effectiveness on mitigating ROP attacks within acceptable performance overhead.