Diversification of Stack Layout in Binary Programs Using Dynamic Binary TranslationReport
Despite protracted efforts by researchers and practitioners, security vulnerabilities remain in modern software. Artificial diversity is an effective defense against many types of attack, and one form, address-space randomization, has been widely applied. Present implementations of address- space randomization are either coarse grained or require source code. We present an approach to fine-grained randomization of the stack layout that operates on x86 binary programs. Randomization is applied on a function-by-function basis. Variable ordering on the stack is randomized and random-length padding inserted between variables. Optionally, canaries can be placed in the padding regions. Transform determination is speculative: the stack layout for a function is inferred from the binary, and then assessed by executing the transformed program. If a transform changes a program’s semantics, progressively less aggressive transforms are applied in sequence. We present results of applying the technique to various open-source programs including details of example exploits that the technique defeated.
All rights reserved (no additional license for public reuse)
Rodes, Benjamin, Anh Nguyen-Tuong, John Knight, James Shepherd, Jason Hiser, Michelle Co, and Jack Davidson. "Diversification of Stack Layout in Binary Programs Using Dynamic Binary Translation." University of Virginia Dept. of Computer Science Tech Report (2012).
University of Virginia, Department of Computer Science