Memory-unsafe programming languages,such as C/C++,are often used to develop system programs,rendering the programs susceptible to a variety of memory corruption attacks.Among these threats,just-in-time return-oriented...Memory-unsafe programming languages,such as C/C++,are often used to develop system programs,rendering the programs susceptible to a variety of memory corruption attacks.Among these threats,just-in-time return-oriented programming(JIT-ROP)stands out as an advanced method for conducting code-reuse attacks,effectively circumventing code randomization safeguards.JIT-ROP leverages memory disclosure vulnerabilities to obtain reusable code fragments dynamically and assemble malicious payloads dynamically.In response to JIT-ROP attacks,several re-randomization implementations have been developed to prevent the use of disclosed code.However,existing re-randomization methods require recurrent re-randomization during program runtime according to fixed time windows or specific events such as system calls,incurring significant runtime overhead.In this paper,we present the design and implementation of PtrProxy,an efficient re-randomization approach on the AArch64 platform.Unlike previous methods that necessitate frequent runtime rerandomization or reply on unreliable triggering conditions,this approach triggers the re-randomization process by detecting the code page harvest operation,which is a fundamental operation of the JIT-ROP at-tacks,making our method more efficient and reliable than previous approaches.We evaluate PtrProxy on benchmarks and real-world applications.The evaluation results show that our approach can effectively protect programs from JIT-ROP attacks while introducing marginal runtime overhead.展开更多
基金supported in part by the National Natural Science Foundation of China(62272351,61972297,62172308).
文摘Memory-unsafe programming languages,such as C/C++,are often used to develop system programs,rendering the programs susceptible to a variety of memory corruption attacks.Among these threats,just-in-time return-oriented programming(JIT-ROP)stands out as an advanced method for conducting code-reuse attacks,effectively circumventing code randomization safeguards.JIT-ROP leverages memory disclosure vulnerabilities to obtain reusable code fragments dynamically and assemble malicious payloads dynamically.In response to JIT-ROP attacks,several re-randomization implementations have been developed to prevent the use of disclosed code.However,existing re-randomization methods require recurrent re-randomization during program runtime according to fixed time windows or specific events such as system calls,incurring significant runtime overhead.In this paper,we present the design and implementation of PtrProxy,an efficient re-randomization approach on the AArch64 platform.Unlike previous methods that necessitate frequent runtime rerandomization or reply on unreliable triggering conditions,this approach triggers the re-randomization process by detecting the code page harvest operation,which is a fundamental operation of the JIT-ROP at-tacks,making our method more efficient and reliable than previous approaches.We evaluate PtrProxy on benchmarks and real-world applications.The evaluation results show that our approach can effectively protect programs from JIT-ROP attacks while introducing marginal runtime overhead.
