Preventing kernel code-reuse attacks through disclosure resistant code diversification

Bibliographic Details
Published in: 2016 IEEE Conference on Communications and Network Security (CNS), pp. 189-197
Main Authors: Gionta, Jason; Enck, William; Larsen, Per
Format: Conference Proceeding
Language: English
Published: IEEE 01-10-2016
Description
Summary: Software diversity has been applied to operating system kernels to protect against code-reuse attacks. However, the security of fine-grained software diversification relies on ensuring that the code layout remains secret. Unfortunately, memory disclosure vulnerabilities assist adversaries in bypassing software diversity protections by leaking the code layout. In this paper, we propose KHide, a system that thwarts kernel code-reuse attacks by combining fine-grained software diversity techniques and memory disclosure protection. First, we apply multiple fine-grained software diversity techniques to kernel code at compile time. Next, we propose a technique to protect diversified kernel code against memory disclosure at runtime. As a result, an attacker cannot predict or identify gadgets in memory to launch code-reuse attacks. We implement KHide for the Linux kernel. Our evaluation shows that KHide disclosure protection has negligible performance impact in comparison to fine-grained software diversity. We provide a security analysis of KHide calculating the survivability of gadgets across diversified versions. Our results show that KHide provides comprehensive protection against the threat of kernel code-reuse with acceptable performance impact.
DOI: 10.1109/CNS.2016.7860485