TY - GEN
T1 - Saffire
T2 - 5th IEEE European Symposium on Security and Privacy, EuroS&P 2020
AU - Mishra, Shachee
AU - Polychronakis, Michalis
N1 - Publisher Copyright:
© 2020 IEEE.
PY - 2020/9
Y1 - 2020/9
N2 - The sophistication and complexity of recent exploitation techniques, which rely on memory disclosure and whole-function reuse to bypass address space layout randomization and control flow integrity, are indicative of the effect that the combination of exploit mitigations has in challenging the construction of reliable exploits. In addition to software diversification and control flow enforcement, recent efforts have focused on the complementary approach of code and API specialization to further restrict the critical operations that an attacker can perform as part of a code reuse exploit. In this paper we propose Saffire, a compiler-level defense against code reuse attacks. For each calling context of a critical function, Saffire creates a specialized and hardened replica of the function with a restricted interface that can accommodate only that particular invocation. This is achieved by applying static argument binding, to eliminate arguments with static values and concretize them within the function body, and dynamic argument binding, which applies a narrow-scope form of data flow integrity to restrict the acceptable values of arguments that cannot be statically derived. We have implemented Saffire on top of LLVM, and applied it to a set of 11 applications, including Nginx, Firefox, and Chrome. The results of our experimental evaluation with a set of 17 real-world ROP exploits and three whole-function reuse exploits demonstrate the effectiveness of Saffire in preventing these attacks while incurring a negligible runtime overhead.
AB - The sophistication and complexity of recent exploitation techniques, which rely on memory disclosure and whole-function reuse to bypass address space layout randomization and control flow integrity, are indicative of the effect that the combination of exploit mitigations has in challenging the construction of reliable exploits. In addition to software diversification and control flow enforcement, recent efforts have focused on the complementary approach of code and API specialization to further restrict the critical operations that an attacker can perform as part of a code reuse exploit. In this paper we propose Saffire, a compiler-level defense against code reuse attacks. For each calling context of a critical function, Saffire creates a specialized and hardened replica of the function with a restricted interface that can accommodate only that particular invocation. This is achieved by applying static argument binding, to eliminate arguments with static values and concretize them within the function body, and dynamic argument binding, which applies a narrow-scope form of data flow integrity to restrict the acceptable values of arguments that cannot be statically derived. We have implemented Saffire on top of LLVM, and applied it to a set of 11 applications, including Nginx, Firefox, and Chrome. The results of our experimental evaluation with a set of 17 real-world ROP exploits and three whole-function reuse exploits demonstrate the effectiveness of Saffire in preventing these attacks while incurring a negligible runtime overhead.
KW - return into libc
KW - Return Oriented Programming
KW - software debloating
UR - https://www.scopus.com/pages/publications/85091895666
U2 - 10.1109/EuroSP48549.2020.00010
DO - 10.1109/EuroSP48549.2020.00010
M3 - Conference contribution
AN - SCOPUS:85091895666
T3 - Proceedings - 5th IEEE European Symposium on Security and Privacy, EuroS&P 2020
SP - 17
EP - 33
BT - Proceedings - 5th IEEE European Symposium on Security and Privacy, EuroS&P 2020
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 7 September 2020 through 11 September 2020
ER -
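The abstract above describes two transformations, static argument binding and dynamic argument binding, applied per calling context of a critical function. The following is an added illustration written for this record; it is not code from the Saffire paper or its LLVM implementation, and the "compiler" work is done by hand. It assumes two constructed call sites of mprotect() in a program, replaces the real syscall with a recording stub (sys_mprotect) so the file runs anywhere, and approximates the narrow-scope data flow integrity check with a shadow copy of the argument written at its definition site and compared at the use site; Saffire's actual mechanism may differ.

```c
/* Added example, not Saffire's code: what per-call-site specialization of a
 * critical function produces, sketched by hand in plain C. */
#include <stddef.h>
#include <stdio.h>

#define PROT_READ  1
#define PROT_WRITE 2
#define PROT_EXEC  4

/* Stub standing in for mprotect(2): records the last request instead of
 * changing page permissions, so the effect of each call can be inspected. */
static struct { void *addr; size_t len; int prot; } last;

static int sys_mprotect(void *addr, size_t len, int prot) {
    last.addr = addr; last.len = len; last.prot = prot;
    return 0;
}
int last_prot(void) { return last.prot; }
size_t last_len(void) { return last.len; }

/* Constructed call site 1 in the original program:
 *     mprotect(page, 4096, PROT_READ | PROT_WRITE);
 * len and prot are compile-time constants, so static argument binding removes
 * them from the interface and concretizes them in the replica's body. A reuse
 * attack that reaches this replica has no way to request PROT_EXEC. */
int mprotect_site1(void *page) {
    return sys_mprotect(page, 4096, PROT_READ | PROT_WRITE);
}

/* Constructed call site 2 in the original program:
 *     size_t n = compute_len(items, item_size);
 *     mprotect(buf, n, PROT_READ);
 * prot is constant and bound statically, but n is only known at run time.
 * Dynamic argument binding is approximated here (assumption, not the paper's
 * exact mechanism) as a narrow-scope DFI check: the instruction defining n
 * also stores it to a shadow slot, and the replica accepts len only if it
 * still equals that shadow. The shadow is assumed to live in memory the
 * attacker cannot write (e.g. a protected page); a static is used here so the
 * example stays self-contained. */
static size_t shadow_n_site2;

static size_t compute_len(size_t items, size_t item_size) {
    size_t n = items * item_size;
    shadow_n_site2 = n;               /* inserted at the definition site of n */
    return n;
}

int mprotect_site2(void *buf, size_t len) {
    if (len != shadow_n_site2)        /* inserted check at the use site */
        return -1;                    /* DFI violation: a deployment would abort */
    return sys_mprotect(buf, len, PROT_READ);
}

/* Legitimate flow through site 2: 8 items of 16 bytes, so len is 128. */
int legit_site2(void *buf) {
    size_t n = compute_len(8, 16);
    return mprotect_site2(buf, n);
}

/* An attacker who hijacks control flow can only reach the specialized replicas,
 * since the original mprotect() interface no longer exists in the binary.
 * Widening the mapping by handing site 2's replica a length the program never
 * computed is rejected by the shadow comparison. */
int attack_site2(void *buf) {
    compute_len(8, 16);                    /* program ran its normal path ... */
    return mprotect_site2(buf, 1 << 20);   /* ... then the chain supplied its own len */
}

int main(void) {
    static char page[4096];
    mprotect_site1(page);
    printf("site1: prot=%d len=%zu\n", last_prot(), last_len());
    printf("site2 legit: rc=%d len=%zu\n", legit_site2(page), last_len());
    printf("site2 attack: rc=%d\n", attack_site2(page));
    return 0;
}
```

The point of the two replicas is that each exposes exactly the degrees of freedom its own call site needs: site 1 exposes only the address, and site 2 exposes a length that must match the value the program itself derived. Everything else an attacker would want to vary in a return-into-libc or whole-function reuse payload, most importantly the protection flags, has been removed from the attack surface.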