TY - GEN
T1 - Defeating ROP through denial of stack pivot
AU - Prakash, Aravind
AU - Yin, Heng
N1 - Publisher Copyright:
© 2015 ACM.
PY - 2015/12/7
Y1 - 2015/12/7
N2 - Return-Oriented Programming (ROP) is a popular and prevalent infiltration technique. While current solutions based on code randomization, artificial diversification and Control-Flow Integrity (CFI) have rendered ROP attacks harder to accomplish, they have been unsuccessful in completely eliminating them. Particularly, CFIbased approaches lack incremental deployability and impose high performance overhead - Two key requirements for practical application. In this paper, we present a novel compiler-level defense against ROP attacks. We observe that stack pivoting - A key step in executing ROP attacks - often moves the stack pointer from the stack region to a non-stack (often heap) region, thereby violating the integrity of the stack pointer. Unlike CFI-based defenses, our defense does not rely on the control-flow of the program. Instead, we assert the sanity of stack pointer at predetermined execution points in order to detect stack pivoting and thereby defeat ROP. The key advantage of our approach is that it allows for incremental deployability, an Achilles heel for CFI. That is, we can selectively protect some modules that can coexist with other unprotected modules. Other advantages include: (1) We do not depend on ASLR - which is particularly vulnerable to information disclosure attacks, and (2) We do not make any assumptions regarding the so called "gadget". We implemented our defense in a proofof- concept LLVM-based system called PBlocker. We evaluated PBlocker on SPEC 2006 benchmark and show an average runtime overhead of 1.04%.
AB - Return-Oriented Programming (ROP) is a popular and prevalent infiltration technique. While current solutions based on code randomization, artificial diversification and Control-Flow Integrity (CFI) have rendered ROP attacks harder to accomplish, they have been unsuccessful in completely eliminating them. Particularly, CFIbased approaches lack incremental deployability and impose high performance overhead - Two key requirements for practical application. In this paper, we present a novel compiler-level defense against ROP attacks. We observe that stack pivoting - A key step in executing ROP attacks - often moves the stack pointer from the stack region to a non-stack (often heap) region, thereby violating the integrity of the stack pointer. Unlike CFI-based defenses, our defense does not rely on the control-flow of the program. Instead, we assert the sanity of stack pointer at predetermined execution points in order to detect stack pivoting and thereby defeat ROP. The key advantage of our approach is that it allows for incremental deployability, an Achilles heel for CFI. That is, we can selectively protect some modules that can coexist with other unprotected modules. Other advantages include: (1) We do not depend on ASLR - which is particularly vulnerable to information disclosure attacks, and (2) We do not make any assumptions regarding the so called "gadget". We implemented our defense in a proofof- concept LLVM-based system called PBlocker. We evaluated PBlocker on SPEC 2006 benchmark and show an average runtime overhead of 1.04%.
UR - http://www.scopus.com/inward/record.url?scp=84959318406&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84959318406&partnerID=8YFLogxK
U2 - 10.1145/2818000.2818023
DO - 10.1145/2818000.2818023
M3 - Conference contribution
AN - SCOPUS:84959318406
T3 - ACM International Conference Proceeding Series
SP - 111
EP - 120
BT - Proceedings - 31st Annual Computer Security Applications Conference, ACSAC 2015
PB - Association for Computing Machinery
T2 - 31st Annual Computer Security Applications Conference, ACSAC 2015
Y2 - 7 December 2015 through 11 December 2015
ER -