Stack Layout Randomization with Minimal Rewriting of Android Binaries
Stack-based attacks typically require that attackers have a good understanding of the stack layout of the victim program. In this paper, we leverage specific features on ARM architecture and propose a practical technique that introduces randomness to the stack layout when an Android application exec...
Saved in:
| Main Authors: | , , , , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2015
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/2919 https://ink.library.smu.edu.sg/context/sis_research/article/3919/viewcontent/icisc15.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-3919 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-39192023-08-29T07:06:49Z Stack Layout Randomization with Minimal Rewriting of Android Binaries Liang, Yu Ma, Xinjie Wu, Daoyuan Tang, Xiaoxiao GAO, Debin Peng, Guojun Jia, Chunfu Zhang, Huanguo Stack-based attacks typically require that attackers have a good understanding of the stack layout of the victim program. In this paper, we leverage specific features on ARM architecture and propose a practical technique that introduces randomness to the stack layout when an Android application executes. We employ minimal binary rewriting on the Android app that produces randomized executable of the same size which can be executed on an unmodified Android operating system. Our experiments on applying this randomization on the most popular 20 free Android apps on Google Play show that the randomization coverage of functions increases from 65% (by a state-of-the-art randomization approach) to 97.6% with, on average, 4 and 7 bits of randomness applied to each 16-bit and 32-bit function, respectively. We also show that it is effective in defending against stack-based memory vulnerabilities and real-world ROP attacks. 2015-11-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/2919 info:doi/10.1007/978-3-319-30840-1_15 https://ink.library.smu.edu.sg/context/sis_research/article/3919/viewcontent/icisc15.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Memory layout randomization Android security Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Memory layout randomization Android security Information Security |
| spellingShingle |
Memory layout randomization Android security Information Security Liang, Yu Ma, Xinjie Wu, Daoyuan Tang, Xiaoxiao GAO, Debin Peng, Guojun Jia, Chunfu Zhang, Huanguo Stack Layout Randomization with Minimal Rewriting of Android Binaries |
| description |
Stack-based attacks typically require that attackers have a good understanding of the stack layout of the victim program. In this paper, we leverage specific features on ARM architecture and propose a practical technique that introduces randomness to the stack layout when an Android application executes. We employ minimal binary rewriting on the Android app that produces randomized executable of the same size which can be executed on an unmodified Android operating system. Our experiments on applying this randomization on the most popular 20 free Android apps on Google Play show that the randomization coverage of functions increases from 65% (by a state-of-the-art randomization approach) to 97.6% with, on average, 4 and 7 bits of randomness applied to each 16-bit and 32-bit function, respectively. We also show that it is effective in defending against stack-based memory vulnerabilities and real-world ROP attacks. |
| format |
text |
| author |
Liang, Yu Ma, Xinjie Wu, Daoyuan Tang, Xiaoxiao GAO, Debin Peng, Guojun Jia, Chunfu Zhang, Huanguo |
| author_facet |
Liang, Yu Ma, Xinjie Wu, Daoyuan Tang, Xiaoxiao GAO, Debin Peng, Guojun Jia, Chunfu Zhang, Huanguo |
| author_sort |
Liang, Yu |
| title |
Stack Layout Randomization with Minimal Rewriting of Android Binaries |
| title_short |
Stack Layout Randomization with Minimal Rewriting of Android Binaries |
| title_full |
Stack Layout Randomization with Minimal Rewriting of Android Binaries |
| title_fullStr |
Stack Layout Randomization with Minimal Rewriting of Android Binaries |
| title_full_unstemmed |
Stack Layout Randomization with Minimal Rewriting of Android Binaries |
| title_sort |
stack layout randomization with minimal rewriting of android binaries |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2015 |
| url |
https://ink.library.smu.edu.sg/sis_research/2919 https://ink.library.smu.edu.sg/context/sis_research/article/3919/viewcontent/icisc15.pdf |
| _version_ |
1779156945493557248 |