Constraint-based Diversification of JOP Gadgets

by   Rodothea Myrsini Tsoupidi, et al.

Modern software deployment process produces software that is uniform and hence vulnerable to large-scale code-reuse attacks, such as Jump-Oriented Programming (JOP) attacks. Compiler-based diversification improves the resilience of software systems by automatically generating different assembly code versions of a given program. Existing techniques are efficient but do not have a precise control over the quality of the generated variants. This paper introduces Diversity by Construction (DivCon), a constraint-based approach to software diversification. Unlike previous approaches, DivCon allows users to control and adjust the conflicting goals of diversity and code quality. A key enabler is the use of Large Neighborhood Search (LNS) to generate highly diverse code efficiently. For larger problems, we propose a combination of LNS with a structural decomposition of the problem. To further improve the diversification efficiency of DivCon against JOP attacks, we propose an application-specific distance measure tailored to the characteristics of JOP attacks. We evaluate DivCon with 20 functions from a popular benchmark suite for embedded systems. These experiments show that the combination of LNS and our application-specific distance measure generates binary programs that are highly resilient against JOP attacks. Our results confirm that there is a trade-off between the quality of each assembly code version and the diversity of the entire pool of versions. In particular, the experiments show that DivCon generates near-optimal binary programs that share a small number of gadgets. For constraint programming researchers and practitioners, this paper demonstrates that LNS is a valuable technique for finding diverse solutions. For security researchers and software engineers, DivCon extends the scope of compiler-based diversification to performance-critical and resource-constrained applications.



page 1

page 2

page 3

page 4


Constraint-Based Software Diversification for Efficient Mitigation of Code-Reuse Attacks

Modern software deployment process produces software that is uniform, an...

Learning to Superoptimize Real-world Programs

Program optimization is the process of modifying software to execute mor...

Not So Fast: Understanding and Mitigating Negative Impacts of Compiler Optimizations on Code Reuse Gadget Sets

Despite extensive testing and correctness certification of their functio...

Get rid of inline assembly through trustable verification-oriented lifting

Formal methods for software development have made great strides in the l...

SPAM: Stateless Permutation of Application Memory

In this paper, we propose the Stateless Permutation of Application Memor...

Automatically Tuning the GCC Compiler to Optimize the Performance of Applications Running on Embedded Systems

This paper introduces a novel method for automatically tuning the select...

A Collaborative Filtering Approach for the Automatic Tuning of Compiler Optimisations

Selecting the right compiler optimisations has a severe impact on progra...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.