Real-time address leak detection on the DynamoRIO platform using dynamic taint analysis

Piazza, Toshi
Other Contributors
Milanova, Ana
Bruening, Derek
Turner, Wesley D.
Goldschmidt, David E.
Issue Date
Computer science
Terms of Use
Attribution-NonCommercial-NoDerivs 3.0 United States
This electronic version is a licensed copy owned by Rensselaer Polytechnic Institute, Troy, NY. Copyright of original work retained by author.
Full Citation
Address Space Layout Randomization, or ASLR, has long served as one of the most effective deterrents to successful and, in particular, reliable exploits. A successful exploit may nevertheless bypass ASLR by employing some form of address leak to determine the locations of useful functions for return-oriented programming, or to proceed with a metadata corruption exploit on the heap. We present a tool, DrASLRHarden, which provides real-time protection of Linux ARM binaries by maintaining the integrity of ASLR, as opposed to more conventional tools such as TaintTrace and TaintCheck, which maintain the integrity of control flow. We introduce DrTaint, a library built on the DynamoRIO dynamic binary instrumentation platform that exposes a pluggable taint analysis system, primarily for use by DrASLRHarden. Our contribution is a novel application of dynamic taint analysis to detect all classes of address leaks in running binaries which would otherwise cause a partial break of ASLR. Through testing on many CTF-inspired programs containing bugs that expose various leaks, we demonstrate that our analysis successfully catches the majority of the leaks we would like to prevent, albeit at a large slowdown for heavily CPU-bound workloads.
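The mechanism the abstract describes, shown as an added illustration rather than code from the thesis: a toy shadow-taint tracker over a constructed ARM-flavoured mini instruction set. It is not DrTaint or DrASLRHarden and uses no DynamoRIO API; the instruction set, register and memory sizes, the ASLR_BASE value and the three sample programs are all assumptions made for the example. Every value derived from a randomized address is marked tainted, taint follows data through registers, arithmetic and memory, and tainted bytes reaching the output sink are counted as an address leak, including a leak of only part of a pointer.

```c
/* Added illustration, not code from the thesis: a toy shadow-taint tracker
 * for address-leak detection. The mini ISA, sizes and ASLR_BASE are
 * constructed for the example; no DynamoRIO API is used. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NREGS     8
#define MEM_SIZE  256
#define ASLR_BASE 0xb6f00000u  /* constructed "randomized" load address */

typedef struct {
    uint32_t regs[NREGS];
    uint8_t  reg_taint[NREGS];    /* 1 = value is address-derived */
    uint8_t  mem[MEM_SIZE];       /* program data, addressed by offset 0..255 */
    uint8_t  mem_taint[MEM_SIZE]; /* one shadow byte per data byte */
    int      leaked;              /* tainted bytes that reached the sink */
} vm_t;

/* Mini ISA (fields a,b,c):  ADR rd,imm = ASLR_BASE+imm (taint source);
 * MOVI rd,imm (untainted); ADD rd,ra,rb (taint OR); LDR rd,[ra,imm] and
 * STR rs,[ra,imm] move taint with the data, not with the address register;
 * OUT ra,len models write(1,&mem[ra],len): tainted bytes here are a leak. */
enum { OP_ADR, OP_MOVI, OP_ADD, OP_LDR, OP_STR, OP_OUT };
typedef struct { int op, a, b, c; } insn_t;

static int in_range(uint32_t off, uint32_t len) {
    return off < MEM_SIZE && len <= MEM_SIZE - off;
}

/* Runs a program from a zeroed machine; returns the number of tainted bytes
 * written to the sink, or -1 on an out-of-range memory access. */
static int run(vm_t *vm, const insn_t *p, int n) {
    memset(vm, 0, sizeof *vm);
    for (int i = 0; i < n; i++) {
        int a = p[i].a, b = p[i].b, c = p[i].c;
        uint32_t off;
        switch (p[i].op) {
        case OP_ADR:  vm->regs[a] = ASLR_BASE + (uint32_t)b; vm->reg_taint[a] = 1; break;
        case OP_MOVI: vm->regs[a] = (uint32_t)b; vm->reg_taint[a] = 0; break;
        case OP_ADD:
            vm->regs[a] = vm->regs[b] + vm->regs[c];
            vm->reg_taint[a] = vm->reg_taint[b] | vm->reg_taint[c];
            break;
        case OP_LDR:
            off = vm->regs[b] + (uint32_t)c;
            if (!in_range(off, 4)) return -1;
            memcpy(&vm->regs[a], &vm->mem[off], 4);
            vm->reg_taint[a] = 0;
            for (int k = 0; k < 4; k++) vm->reg_taint[a] |= vm->mem_taint[off + k];
            break;
        case OP_STR:
            off = vm->regs[b] + (uint32_t)c;
            if (!in_range(off, 4)) return -1;
            memcpy(&vm->mem[off], &vm->regs[a], 4);
            memset(&vm->mem_taint[off], vm->reg_taint[a], 4);
            break;
        case OP_OUT:
            off = vm->regs[a];
            if (!in_range(off, (uint32_t)b)) return -1;
            for (int k = 0; k < b; k++) vm->leaked += vm->mem_taint[off + k];
            break;
        default: return -1;
        }
    }
    return vm->leaked;
}

#define NINSN(p) ((int)(sizeof (p) / sizeof (p)[0]))

/* Over-read: a saved pointer sits right after a 4-byte buffer, 8 bytes go out. */
static int demo_overread_leak(void) {
    static const insn_t prog[] = {
        { OP_MOVI, 1, 0x10, 0 }, { OP_MOVI, 0, 0x41414141, 0 }, { OP_STR, 0, 1, 0 },
        { OP_ADR,  2, 0x1234, 0 },  /* e.g. a return address */
        { OP_STR,  2, 1, 4 },       /* stored immediately after the buffer */
        { OP_OUT,  1, 8, 0 },       /* write 8 bytes from a 4-byte buffer */
    };
    vm_t vm; return run(&vm, prog, NINSN(prog));  /* 4 */
}

/* Taint survives arithmetic and a memory round trip; 2 escaping bytes still count. */
static int demo_arith_partial_leak(void) {
    static const insn_t prog[] = {
        { OP_ADR, 0, 0, 0 }, { OP_MOVI, 2, 0x1000, 0 }, { OP_ADD, 3, 0, 2 },
        { OP_MOVI, 1, 0x20, 0 }, { OP_STR, 3, 1, 0 }, { OP_LDR, 4, 1, 0 },
        { OP_MOVI, 5, 0x30, 0 }, { OP_STR, 4, 5, 0 },
        { OP_OUT,  5, 2, 0 },       /* only the low two bytes are written */
    };
    vm_t vm; return run(&vm, prog, NINSN(prog));  /* 2 */
}

/* Plain data written out: no alarm. */
static int demo_clean(void) {
    static const insn_t prog[] = {
        { OP_MOVI, 1, 0x10, 0 }, { OP_MOVI, 0, 1234, 0 }, { OP_STR, 0, 1, 0 }, { OP_OUT, 1, 4, 0 },
    };
    vm_t vm; return run(&vm, prog, NINSN(prog));  /* 0 */
}

int main(void) {
    printf("over-read: %d  arith/partial: %d  clean: %d\n",
           demo_overread_leak(), demo_arith_partial_leak(), demo_clean());
    return 0;
}
```

Two design choices in the toy carry over to a real tracker. A register used as an address in LDR/STR does not taint the value loaded or stored, otherwise every stack access would taint everything. And the only taint source here is ADR; on a real ARM Linux process the sources are wider (sp and pc-relative materialisation, return values of mmap and brk, pointers the loader writes into the GOT, argv and envp), and taint-clearing idioms such as `eor r0, r0` or subtracting two pointers need explicit handling or they produce false positives. Instrumenting every data-moving instruction to maintain the shadow state is also where the slowdown the abstract reports for CPU-bound workloads comes from.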
May 2018
School of Science
Dept. of Computer Science
Rensselaer Polytechnic Institute, Troy, NY
Rensselaer Theses and Dissertations Online Collection
CC BY-NC-ND. Users may download and share copies with attribution in accordance with a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License. No commercial use or derivatives are permitted without the explicit approval of the author.