Ecole d'ingénieur et centre de recherche en Sciences du numérique

Leakage-resilient layout randomization for mobile devices

Braden, Kjell; Crane, Stephen; Davi, Lucas; Franz, Michael; Larsen, Per; Liebchen, Christopher; Sadegh, Ahmad-Reza

NDSS 2016, Network and Distributed System Security Symposium, 21-24 February 2016, San Diego, CA, USA

Attack techniques based on code reuse continue to enable real-world exploits bypassing all current mitigations. Code randomization defenses greatly improve resilience against code reuse. Unfortunately, sophisticated modern attacks such as JIT-ROP can circumvent randomization by discovering the actual code layout on the target and relocating the attack payload on the fly. Hence, effective code randomization additionally requires that the code layout cannot be leaked to adversaries. Previous approaches to leakage-resilient diversity have either relied on hardware features that are not available in all processors, particularly resource-limited processors commonly found in mobile devices, or they have had high memory overheads. We introduce a code randomization technique that avoids these limitations and scales down to mobile and embedded devices: Leakage-Resilient Layout Randomization (LR2). Whereas previous solutions have relied on virtualization, x86 segmentation, or virtual memory support, LR2 merely requires the underlying processor to enforce a WX policy--a feature that is virtually ubiquitous in modern processors, including mobile and embedded variants. Our evaluation shows that LR2 provides the same security as existing virtualization-based solutions while avoiding design decisions that would prevent deployment on less capable yet equally vulnerable systems. Although we enforce execute-only permissions in software, LR2 is as efficient as the best-in-class virtualization-based solution

Document Bibtex

Titre:Leakage-resilient layout randomization for mobile devices
Ville:San Diego
Département:Sécurité numérique
Eurecom ref:4797
Copyright: © ISOC. Personal use of this material is permitted. The definitive version of this paper was published in NDSS 2016, Network and Distributed System Security Symposium, 21-24 February 2016, San Diego, CA, USA and is available at :
Bibtex: @inproceedings{EURECOM+4797, year = {2016}, title = {{L}eakage-resilient layout randomization for mobile devices}, author = {{B}raden, {K}jell and {C}rane, {S}tephen and {D}avi, {L}ucas and {F}ranz, {M}ichael and {L}arsen, {P}er and {L}iebchen, {C}hristopher and {S}adegh, {A}hmad-{R}eza}, booktitle = {{NDSS} 2016, {N}etwork and {D}istributed {S}ystem {S}ecurity {S}ymposium, 21-24 {F}ebruary 2016, {S}an {D}iego, {CA}, {USA}}, address = {{S}an {D}iego, {\'{E}}{TATS}-{UNIS}}, month = {02}, url = {} }