TY - GEN
T1 - A practical approach for adaptive data structure layout randomization
AU - Chen, Ping
AU - Xu, Jun
AU - Lin, Zhiqiang
AU - Xu, Dongyan
AU - Mao, Bing
AU - Liu, Peng
N1 - Publisher Copyright:
© Springer International Publishing Switzerland 2015.
Copyright:
Copyright 2015 Elsevier B.V., All rights reserved.
PY - 2015
Y1 - 2015
N2 - Attackers often corrupt data structures to compromise software systems. As a countermeasure, data structure layout randomization has been proposed. Unfortunately, existing techniques require manual designation of randomize-able data structures without guaranteeing the correctness and keep the layout unchanged at runtime. We present a system, called SALADS, that automatically translates a program to a DSSR (Data Structure Self-Randomizing) program. At runtime, a DSSR program dynamically randomizes the layout of each security-sensitive data structure by itself autonomously. DSSR programs regularly re-randomize a data structure when it has been accessed several times after last randomization. More importantly, DSSR programs automatically determine the randomizability of instances and randomize each instance independently. We have implemented SALADS based on gcc-4.5.0 and generated DSSR user-level applications, OS kernels, and hypervisors. Our experiments show that the DSSR programs can defeat a wide range of attacks with reasonable performance overhead.
AB - Attackers often corrupt data structures to compromise software systems. As a countermeasure, data structure layout randomization has been proposed. Unfortunately, existing techniques require manual designation of randomize-able data structures without guaranteeing the correctness and keep the layout unchanged at runtime. We present a system, called SALADS, that automatically translates a program to a DSSR (Data Structure Self-Randomizing) program. At runtime, a DSSR program dynamically randomizes the layout of each security-sensitive data structure by itself autonomously. DSSR programs regularly re-randomize a data structure when it has been accessed several times after last randomization. More importantly, DSSR programs automatically determine the randomizability of instances and randomize each instance independently. We have implemented SALADS based on gcc-4.5.0 and generated DSSR user-level applications, OS kernels, and hypervisors. Our experiments show that the DSSR programs can defeat a wide range of attacks with reasonable performance overhead.
UR - http://www.scopus.com/inward/record.url?scp=84951279835&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84951279835&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-24174-6_4
DO - 10.1007/978-3-319-24174-6_4
M3 - Conference contribution
AN - SCOPUS:84951279835
SN - 9783319241739
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 69
EP - 89
BT - Computer Security – ESORICS 2015 - 20th European Symposium on Research in Computer Security, Proceedings
A2 - Ryan, Peter Y.A.
A2 - Pernul, Günther
A2 - Weippl, Edgar
PB - Springer Verlag
T2 - 20th European Symposium on Research in Computer Security, ESORICS 2015
Y2 - 21 September 2015 through 25 September 2015
ER -