Real-time address leak detection on the DynamoRIO platform using dynamic taint analysis
Authors
Piazza, Toshi
Issue Date
2018-05
Type
Electronic thesis
Thesis
Language
ENG
Keywords
Computer science
Abstract
Address Space Layout Randomization, or ASLR, has long served as one of the most effective deterrents to successful and, in particular, reliable exploits. However, a successful exploit may bypass ASLR by employing some form of address leak in order to determine the locations of useful functions for return-oriented programming, or to proceed with a metadata corruption exploit on the heap. We present a tool, DrASLRHarden, which facilitates the real-time protection of Linux ARM binaries by maintaining the integrity of ASLR, as opposed to more conventional tools such as TaintTrace and TaintCheck, which maintain the integrity of control flow. We introduce DrTaint, a library built on the DynamoRIO dynamic binary instrumentation platform that exposes a pluggable taint analysis system, primarily for use by DrASLRHarden. Our contribution is a novel application of dynamic taint analysis to detect all classes of address leaks in running binaries that would otherwise cause a partial break of ASLR. Through testing performed on many CTF-inspired programs that contain bugs exposing various leaks, we demonstrate that our analysis successfully catches the majority of the leaks we would like to prevent, albeit at a large slowdown for heavily CPU-bound workloads.
Description
May 2018
School of Science
Publisher
Rensselaer Polytechnic Institute, Troy, NY