Software immunity through diversity is a promising research direction.
Address Space Layout Randomization has been widely deployed to defend against
code-reuse attacks and significantly raises the bar for attackers. However,
automated software diversity is still exploitable by adroit and adaptable
adversaries. Using powerful memory disclosure attacks, offensive researchers
have demonstrated weaknesses in conventional randomization techniques. In
addition, current defenses are largely passive and allow attackers to
continuously brute-force randomized defenses with little impediment.

Building on the foundation of automated software diversity, we propose novel
techniques to strengthen the security and broaden the impact of code
randomization. We first discuss software booby traps, a new active defense
technique enabled by randomized program contents. We then propose, implement,
and evaluate a comprehensive randomization-based system, Readactor++, which is
resilient to all types of memory disclosure attacks. Readactor++ enforces
execute-only memory protections on commodity x86 processors, thus preventing
direct disclosure of randomized code. We also identify the indirect disclosure
attack, a new class of code leakage via data disclosure, and mitigate this
attack as well. By integrating booby traps into our system, we protect against
brute-force memory disclosure attempts. In our evaluation we find that
Readactor++ compares favorably to other memory-disclosure resilient code-reuse
defenses and that it scales effectively to complex, real-world software.
Finally, we propose a novel extension of code randomization to mitigate
side-channel rather than code-reuse attacks. Using control-flow diversity, a
novel control-flow transformation, we introduce dynamic behavior into program
side effects with fast, static code. As an example, we apply this technique to
mitigate an AES cache side-channel attack.

With our techniques, software diversity can now be efficiently secured against
advanced attacks, including memory disclosure and function table reuse, and is
adaptable to combat new classes of threats, such as side-channel attacks.