SBIR-STTR Award

CrasHD: Semantics-Aware, Human-Assisted, Security-Critical Data Triage in COTS Application Crashes
Award last edited on: 1/8/2021

Sponsored Program
SBIR
Awarding Agency
DOD : DARPA
Total Award Amount
$1,648,168
Award Phase
2
Solicitation Topic Code
SB173-003
Principal Investigator
Kevin Valakuzhy

Company Information

ZeroPoint Dynamics LLC

104 South Estes Drive
Chapel Hill, NC 27514
(919) 645-8002
www.zeropointdynamics.com
Location: Single
Congr. District: 04
County: Orange

Phase I

Contract Number: 140D6318C0080
Start Date: 00/00/00    Completed: 00/00/00
Phase I year
2018
Phase I Amount
$149,497
Over a decade ago, security practitioners highlighted threats posed by memory corruption exploits subverting systems through manipulation of security-critical non-control-data, without ever corrupting application control-flow. Since that demonstration, however, the full power of data-oriented attacks went largely unnoticed until very recently. One reason for this recent emergence is that exploitation of critical software (e.g., browsers, document-viewers, webservers) is getting harder due to widespread deployment of mitigations such as Data-Execution Prevention (DEP), Address-Space Layout Randomization (ASLR) and Control-Flow Integrity (CFI). Exploitation in face of DEP forces adversaries to rely on finding clever ways to chain together small instruction snippets (gadgets) to implement malicious logic, while bypassing ASLR requires disclosure of memory to identify those gadgets. With the deployment of CFI (e.g., CFGuard) in modern systems, however, sequencing gadgets is increasingly difficult. Not surprisingly, attacks simply evolved to instead make better use of memory disclosures (and modifications) by leaking security-sensitive data (e.g., HeartBleed) or modifying security-critical data (e.g., disabling DEP or browser same-origin policies). This trend will only get worse if strong protections are not put in place for guarding data in commodity closed-source software. We propose using recent advances in binary analysis to adapt source-based sandboxing to closed-source applications.

Phase II

Contract Number: W31P4Q-19-C-0054
Start Date: 00/00/00    Completed: 00/00/00
Phase II year
2019
Phase II Amount
$1,498,671
Over a decade ago, security practitioners highlighted threats posed by memory corruption exploits subverting systems through manipulation of security-critical non-control-data — without ever corrupting application control-flow. Since that demonstration, however, the full power of data-oriented attacks went largely unnoticed until very recently. One reason for this recent emergence is that exploitation of critical software (e.g., browsers, document-viewers, webservers) is getting harder due to widespread deployment of mitigations such as Data-Execution Prevention (DEP), Address-Space Layout Randomization (ASLR) and Control-Flow Integrity (CFI). Exploitation in face of DEP forces adversaries to rely on finding clever ways to chain together small instruction snippets (gadgets) to implement malicious logic, while bypassing ASLR requires disclosure of memory to identify those gadgets. With the deployment of CFI (e.g., CFGuard) in modern systems, however, sequencing gadgets is increasingly difficult. Not surprisingly, attacks simply evolved to instead make better use of memory disclosures (and modifications) by leaking security-sensitive data (e.g., HeartBleed) or modifying security-critical data (e.g., disabling DEP or browser same-origin policies). This trend will only get worse if improved techniques are not developed for identifying security-critical data and guarding said data in commodity software. We explore the design and implementation of several techniques to mitigate this trend.