Date: 2021-01-12
ROP is Still Dangerous: Breaking Modern Defenses

Nicholas Carlini, David Wagner
University of California, Berkeley

Abstract

Return Oriented Programming (ROP) has become the exploitation technique of choice for modern memory-safety vulnerability attacks. Recently, there have been multiple attempts at defenses to prevent ROP attacks. In this paper, we introduce three new attack methods that break many existing ROP defenses. Then we show how to break kBouncer and ROPecker, two recent low-overhead defenses that can be applied to legacy software on existing hardware. We examine several recent ROP attacks seen in the wild and demonstrate that our techniques successfully cloak them so they are not detected by these defenses. Our attacks apply to many CFI-based defenses which we argue are weaker than previously thought. Future defenses will need to take our attacks into account.
1 Introduction

The widespread adoption of DEP, which ensures that all writable pages in memory are non-executable, has largely killed classic code injection attacks. In its place, Return Oriented Programming (ROP) has become the attack technique of choice for nearly all modern exploits of memory-safety vulnerabilities. In a ROP attack, the attacker does not inject new code; instead, the malicious computation is performed by chaining together existing sequences of instructions (called gadgets) [27].

In response to this, there has been a large effort to find defenses that protect against ROP attacks. Defenses fall into two broad categories. The first category of defenses relies on recompilation to remove potential gadgets from the program binary or to enforce the Control-Flow Integrity (CFI) [4] of the binary. The other category of defenses attempts to transparently protect legacy binaries using runtime protections.

In this paper, we present three attack methods that can be combined to break many existing ROP defenses from both of these categories. Our first method breaks the conventional wisdom that it is difficult to mount attacks in a fully call-preceded manner, that is, where the instruction before each gadget is a call. Many CFI-based defenses rely upon policies similar to this. Next, we show that while most existing ROP attacks consist entirely of short gadgets, it is possible to mount attacks which consist of long gadgets as well. Therefore, defenses that distinguish a ROP attack from normal execution by looking for a sequence of short gadgets are not secure. Finally, we examine defenses that record a limited history of the execution state of a process. We show it is possible to effectively clear out any history kept by these defenses, rendering them ineffective.

We use these attacks to break two recent state-of-the-art runtime defenses, kBouncer [23] and ROPecker [11]. These defenses are particularly interesting because they can be deployed on existing hardware, have nearly zero performance overhead, and do not require binary rewriting. kBouncer [23] takes advantage of hardware support for recording indirect branches and examines this history at each system call in order to prevent ROP attacks from issuing any malicious syscalls. ROPecker [11] extends kBouncer in novel ways. In addition to checking for any signs of a ROP attack at each system call, ROPecker additionally checks for attacks at various points throughout program execution.

We show that both of these schemes are broken. While they may detect existing ROP attacks, we give ways of modifying a ROP attack so it will not be detected by either of these defenses. The attacks we develop in breaking these defenses are also applicable to many recent CFI-based approaches, and we discuss how our work can be applied to four in particular.

This paper makes three contributions:

1. We introduce three novel ROP attack methods that demonstrate weaknesses in multiple defenses.
2. We demonstrate these attacks on kBouncer and ROPecker, two state-of-the-art ROP defenses. We modify real-world exploits, which these defenses were shown to prevent, to bypass them.
3. Our attacks provide a baseline set of attacks that can be used to evaluate future ROP defenses.
2 Introduction to ROP Attacks

Return Oriented Programming (ROP) [27] is a generalization of return-into-libc [24] attacks where an attacker causes the program to return to arbitrary points in the program's code. This allows one to perform malicious computation without injecting any new malicious code by only controlling the program's execution flow. It has been shown that ROP can perform Turing-complete computation [30]. We provide a very brief overview of return oriented programming in this section. For a more complete introduction, we refer the reader to [7, 25, 27].

A ROP exploit consists of multiple gadgets that are chained together. Each gadget performs some small computation, such as loading a value from memory into a register or adding two registers. In a ROP attack, the attacker finds gadgets within the original program text and causes them to be executed in sequence to perform a task other than what was intended.

Gadget chaining is achieved by influencing indirect jumps executed by the program. Each gadget begins with some useful instructions (e.g., mov rax, rbx) and ends with an indirect jump (e.g., ret or jmp *rcx). The attacker chains gadgets together by controlling the target of a gadget's indirect jump to point to the beginning of the next gadget in the sequence. In a classic ROP attack, gadgets end with the ret instruction and the attacker chains gadgets by writing appropriate values over the stack.

Many ROP attacks use unintended instruction sequences. Because x86 instructions are variable-width, it is possible that a potentially useful gadget sequence exists when starting at an offset that was not intended to be the beginning of an instruction. Our attacks do not rely on unintended instructions.

In Figure 1, we give an example ROP exploit that adds 0x32400 to the value stored at address 0x4a304120. This exploit begins by initializing two registers. It then reads the value stored at address eax, stores it into eax, adds ebx to eax, and stores this value back into memory.

Address Space Layout Randomization (ASLR). One common defense for ROP attacks is ASLR which works by randomly moving the segments of a program (including the text segment) around in memory, preventing the attacker from predicting the address of useful gadgets. Despite ASLR, ROP attacks are still common in the wild for two reasons. First, if even a single module has ASLR disabled, a ROP attack may be formed around only the code in that module. Second, an attacker may use an information disclosure vulnerability to de-randomize some module [29].

Figure 1: An example ROP exploit which adds the constant 0x32400 to the word at address 0x4a304120. At the left is the stack of the process with the addresses of the gadgets and the values to initialize the registers. At right are the instructions at those addresses.
3 Our Three Attack Primitives

We have identified three building blocks that are useful in attacking ROP defenses:

Call-Preceded ROP. Normally, in a well-structured program, every ret instruction returns back to an instruction that immediately follows a corresponding call. ROP attacks deviate from this pattern. Therefore, many ROP defenses ensure that every ret instruction always targets an instruction that immediately follows some call. Our attack demonstrates that this policy is not sufficient: ROP attacks are still possible even when returns are restricted in this way.

Evasion Attacks. It is common for defenses that monitor program execution at runtime to have a method of classifying execution as either "normal execution" or "gadget". Evasion attacks involve using gadgets that the defense classifies as "normal."

History Flushing. Some defenses maintain only a limited amount of history about execution and inspect this history periodically. We can bypass defenses with this property by flushing the true history (cleansing the history of all signs of the ROP attack) and then presenting a new, fake view of history that the defense will not classify as an attack.

Each of these three attack primitives bypasses a common defense mechanism. This section gives more detail about each of these three primitives. We then combine them in different ways to mount our full attacks on kBouncer [23] and ROPecker [11] in the following sections.
3.1 Call-Preceded ROP

The call-preceded policy. We say that an instruction is call-preceded if the instruction immediately preceding it is a call instruction. Many ROP defenses [6, 23, 32, 34] apply the following policy: anytime a ret instruction is executed, its target must be a call-preceded instruction.

This policy seems helpful for defending against ROP attacks. In well-structured programs, calls and returns usually come in pairs. Any address that is returned to was almost always pushed by a call instruction previously. In a ROP attack, gadgets use the ret instruction to chain gadgets together, so this policy dramatically limits the space of candidate addresses where gadgets can be chosen from. For instance, one evaluation found that only 6% of gadgets are call-preceded [23]. Thus, one might intuitively expect the call-preceded policy to significantly increase the difficulty of mounting a ROP attack.

Using only call-preceded gadgets. Despite this intuition, we find that it is possible to mount ROP attacks in a fully call-preceded manner, where all gadgets start at a call-preceded address. The key idea is we allow gadgets to be more complex. This increases the space of candidate gadgets enough to find many call-preceded gadgets. By allowing our gadgets to be long and contain direct jumps or even conditional jumps, we find many more useful gadgets. In our experiments (see §8.2), 70KB of binary code was sufficient to mount fully call-preceded ROP attacks.
3.2 Evasion Attacks

Classification-based defenses. Other ROP defenses work by monitoring the runtime behavior of a process and try to detect ROP attacks by classifying segments of execution as either "gadget" or "non-gadget", using some signature that is intended to characterize attributes of ROP gadgets.

One of the most common approaches used to classify execution, as used in [11, 23], uses a length-based classifier. Existing ROP attacks tend to consist of long sequences of short gadgets, and so these defenses use this as their heuristic to classify gadgets.

These defenses separate the execution trace into segments of ordinary instructions, separated by indirect instructions (e.g., returns, indirect jumps). A length-based defense classifies each segment as gadget or non-gadget by examining its length: a short segment is classified as a gadget and a long segment as a non-gadget. If the defense observes too many short segments within some window, it reports a ROP attack.

Using gadgets that look like benign execution. A powerful attack on such defenses is to look for instruction sequences that would be classified by the defense as a non-gadget, but that perform some useful computation. These can then be used as stealthy gadgets in a ROP attack.

Length-based classifiers are particularly easy to evade. A simple attack is to use long gadgets, since these will be incorrectly classified by the defense as non-gadget. We demonstrate that it is possible to mount a ROP attack that contains a mixture of both short and long gadgets, thus evading many published detectors.

More generally, one could imagine future ROP defenses that rely on other heuristics for distinguishing ROP attacks from normal program execution. An evasion attack is one that will be classified by the defense as normal, but in reality allows the attacker to mount a ROP attack.
3.3 History Flushing

History inspection defenses. There are many runtime defenses that inspect program execution at different points throughout its execution. Typically, these defenses keep only a limited amount of history about the program's execution, and so must decide whether an attack is occurring or not based upon information saved in the recent past. Usually, performance considerations rule out constantly monitoring all execution, so this inspection process is only invoked at certain points (e.g., when the application issues a system call).

Using gadgets to hide history. Such defenses can be fooled by preventing them from seeing any evidence of a ROP attack. We perform the ROP attack when they are not watching, periodically performing enough innocuous actions to wipe the history clean of any evidence of the past ROP attack before the defender's inspection process is invoked. While the defender is running, we do not attempt to make progress towards our attack goal. Instead, we insert effective no-op instructions so that the defender does not see any evidence of attack.

Though similar, this attack is different from an evasion attack. An evasion attack attempts to make progress in the attack while being continuously monitored by the defender. In a history flushing attack, there is a period of time when the defender is not running, when we make forward progress. Before the defender runs, we clear out this history so it is not visible to the defender, but do not attempt to make forward progress while the defender is watching. After the defender has made its observation, we continue with our attack.

For instance, kBouncer uses the Last Branch Record, a hardware feature that records the 16 most recent indirect jumps. Our history-flushing attack on kBouncer performs the bulk of the ROP attack, then performs 16 innocuous indirect jumps to remove the evidence of the ROP attack from the Last Branch Record. As we show (§8.3), this prevents kBouncer from detecting the ROP attack.
4 Attack Goal & Threat Model

Attack Goal. The goal of each of our attacks, without loss of generality, is to issue a single syscall. It is usually enough to issue a mprotect (on Linux) or VirtualProtect (on Windows) system call to make a page in memory both writable and executable; after that, exploitation is trivial.¹

This is not the only possible goal an attacker may have. There are other methods of attack that do not involve issuing system calls [10]. We do not consider them in this work, although our results suggest these attacks are equally possible, and in some cases even trivial.

Threat Model. At a minimum, we assume that an attacker has a known exploit that allows control of the instruction pointer in the future. A stack overflow is sufficient; a heap overflow that allows an arbitrary memory write to a function pointer is also sufficient; as is directly overwriting other function pointers. We assume the attacker knows that the defense is present and knows how it works.

We assume that DEP is enabled, so no page is both writable and executable. We focus on the case where the program contains at least one library whose executable region has not been randomized with ASLR, or where all modules have ASLR enabled but there exists a memory disclosure vulnerability, as this is the situation that modern ROP attacks typically exploit.

We also assume that there exists some way of running arbitrary code if the new defenses were not present. We do not claim to create attacks that allow running arbitrary code in all situations; we only hope to show that if it is possible to mount a ROP attack when the defense is not present, then it is possible when it is present.
5 Defeating kBouncer

5.1 Overview of kBouncer

Pappas et al. introduced kBouncer [23], a scheme that uses indirect branch tracing to detect ROP attacks. At a high level, kBouncer periodically pauses execution of the program, inspects recent execution history, and then either allows the process to proceed or kills it.

¹ Alternatively, if we can execute the execve syscall, we can spawn a second process running an arbitrary program.

Figure 2: Overview of our history hiding attack on kBouncer. We mount a traditional ROP attack, insert a number of innocuous gadgets to hide this from kBouncer, and finally restore registers and issue the desired syscall.

kBouncer uses the Last Branch Record (LBR), a feature of modern Intel CPUs, to inspect the last 16 indirect branches taken each time the program invokes a system call. kBouncer checks two properties of the history stored in the LBR. First, it verifies that all ret instructions in the LBR returned to a call-preceded address. Second, if the eight most recent indirect branches are all gadget-like, the process is killed. kBouncer defines a sequence of instructions as gadget-like if there exists a flow of execution from the first instruction executed to any indirect branch in under 20 instructions.² kBouncer is very efficient: it only needs to check the LBR during system calls and only checks 16 different entries in the LBR.
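The two checks described above, modelled over constructed branch records. This is an added example, not code from the paper or from kBouncer; the struct layout, the function names and the whole-trace variant are assumptions made here. It shows how the rules read on a 16-entry snapshot and how a verdict taken from that window can differ from one taken over the complete branch history.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define LBR_DEPTH        16  /* branches the LBR retains (from the text) */
#define CHAIN_WINDOW      8  /* most recent entries tested for a gadget chain */
#define GADGET_MAX_INSNS 20  /* fewer than this to an indirect branch: gadget-like */

enum branch_kind { BR_RET, BR_IND_JMP, BR_IND_CALL };
enum verdict { V_ALLOW, V_KILL_BAD_RET, V_KILL_GADGET_CHAIN };

/* One recorded indirect branch. Hypothetical layout: a real checker would
 * derive the last two fields by disassembling around the branch target. */
struct lbr_entry {
    enum branch_kind kind;
    bool target_call_preceded;     /* instruction before the target is a call */
    unsigned min_insns_to_branch;  /* shortest path from target to an indirect branch */
};

static bool gadget_like(const struct lbr_entry *e)
{
    return e->min_insns_to_branch < GADGET_MAX_INSNS;
}

/* The check over the entries visible at a system call.
 * lbr[0] is the oldest entry, lbr[n-1] the newest. */
enum verdict check_snapshot(const struct lbr_entry *lbr, size_t n)
{
    size_t i;
    /* Rule 1: every recorded ret must have landed on a call-preceded address. */
    for (i = 0; i < n; i++)
        if (lbr[i].kind == BR_RET && !lbr[i].target_call_preceded)
            return V_KILL_BAD_RET;
    /* Rule 2: kill only if all of the eight newest entries are gadget-like. */
    if (n < CHAIN_WINDOW)
        return V_ALLOW;
    for (i = n - CHAIN_WINDOW; i < n; i++)
        if (!gadget_like(&lbr[i]))
            return V_ALLOW;
    return V_KILL_GADGET_CHAIN;
}

/* Hardware model: only the newest LBR_DEPTH branches of a trace survive. */
enum verdict check_at_syscall(const struct lbr_entry *trace, size_t len)
{
    size_t visible = len < LBR_DEPTH ? len : LBR_DEPTH;
    return check_snapshot(trace + (len - visible), visible);
}

/* Assumption: the same two predicates applied to the complete history,
 * killing on any run of CHAIN_WINDOW consecutive gadget-like branches. */
enum verdict check_full_trace(const struct lbr_entry *trace, size_t len)
{
    size_t i, run = 0;
    enum verdict v = V_ALLOW;
    for (i = 0; i < len; i++) {
        if (trace[i].kind == BR_RET && !trace[i].target_call_preceded)
            return V_KILL_BAD_RET;
        run = gadget_like(&trace[i]) ? run + 1 : 0;
        if (run >= CHAIN_WINDOW)
            v = V_KILL_GADGET_CHAIN;
    }
    return v;
}

/* Constructed sample traces (not captured from any real process). */
enum sample { S_BENIGN, S_SHORT_RETS, S_CP_SHORT_CHAIN, S_AGED_OUT };

static size_t fill(struct lbr_entry *dst, size_t n, bool cp, unsigned insns)
{
    for (size_t i = 0; i < n; i++)
        dst[i] = (struct lbr_entry){ BR_RET, cp, insns };
    return n;
}

enum verdict sample_verdict(enum sample s, bool whole_trace)
{
    struct lbr_entry t[64];
    size_t n = 0;
    switch (s) {
    case S_BENIGN:         n += fill(t + n, 16, true, 45);  break;
    case S_SHORT_RETS:     n += fill(t + n, 10, false, 3);  break;
    case S_CP_SHORT_CHAIN: n += fill(t + n, 8, true, 4);    break;
    case S_AGED_OUT:       /* violating branches followed by 16 ordinary ones */
        n += fill(t + n, 12, false, 3);
        n += fill(t + n, 16, true, 45);
        break;
    }
    return whole_trace ? check_full_trace(t, n) : check_at_syscall(t, n);
}

int main(void)
{
    static const char *name[] = { "allow", "kill (bad ret target)", "kill (gadget chain)" };
    static const char *label[] = { "benign", "short rets", "call-preceded short chain",
                                   "violations aged out" };
    for (int s = S_BENIGN; s <= S_AGED_OUT; s++)
        printf("%-26s window: %-22s whole trace: %s\n", label[s],
               name[sample_verdict((enum sample)s, false)],
               name[sample_verdict((enum sample)s, true)]);
    return 0;
}
```

The last sample is the case a reviewer of such a detector should look at first: the verdict depends only on what is still in the 16-entry window when the system call arrives.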
5.2 History Hiding Attack

5.2.1 Attack Overview

We dub our first attack on kBouncer the history hiding attack (see Fig. 2). At the core of kBouncer is the assumption that an attack can be detected by inspecting the state of the process at the syscall interface, after the attacker has already gained control of the system for a potentially unbounded period of time. After mounting a traditional ROP attack to prepare the state of memory (and possibly defeat ASLR, if required), we use a history flushing attack to clear evidence of the attack from the LBR. Finally, we use an evasion attack and a few carefully-chosen gadgets to issue the syscall.

We call a process state valid if kBouncer's inspection method will not detect an attack when run from that state. A state is valid if all of the entries in the LBR whose source is a ret instruction have a call-preceded destination, and if at least one of the last eight entries has more than 20 instructions between source and the nearest indirect branch. We show that it is easy to return to a valid state while simultaneously maintaining control of the process.

² kBouncer cannot observe the actual path of execution taken during a sequence of instructions between two indirect jumps, so it cannot count the number of instructions actually executed between two indirect jumps. It can only observe the beginning and end of that sequence. For this reason, kBouncer conservatively treats a sequence as gadget-like if it starts with an instruction that can reach an indirect jump in less than 20 instructions.

The steps of the history hiding attack are as follows:

Initial exploitation. Initially, we mount a traditional ROP attack in whichever way is easiest. We ignore the fact that kBouncer is running and use any gadgets we would like, call-preceded or not. We then prepare memory so we are ready to make the syscall, but we do not invoke it yet.

Hide the history. At this point in our exploit, we are ready to make the syscall, but if we were to actually issue it, kBouncer would detect an attack. To fix this, we must bring the process into a valid state without losing our progress from the prior step. To do this we use the history-flushing primitive discussed previously. As a side effect of using the flushing primitive, the registers may be clobbered, but important memory locations will remain unchanged.

Restore registers and issue the system call. After bringing the process into a valid state, we restore the registers to their desired values while maintaining a valid state. Then, we issue the system call. This is via an evasion attack: because the task is relatively simple, it can be accomplished with fewer than 8 call-preceded gadgets.
5.2.2 Initial Exploitation

This step prepares memory to make it as easy as possible to issue the syscall in as few gadgets as possible after the history has been flushed. In particular, we prepare all of the arguments for the system call and save them in some easily recoverable location.

We make no restrictions on the methods the attacker may use during this step of our attack. Because we are going to hide our history, kBouncer will not observe anything performed in this step. Since ROP gadgets are Turing-complete, we are able to perform arbitrary computation during this phase, so this step is straightforward to implement.
5.2.3 Hiding the History

Hiding history through LBR flushing. We use a history-flushing primitive, built from two gadgets (Fig. 3), to remove all traces of our attack from the LBR:

1. A short flushing gadget: a simple call-preceded gadget that performs a ret, and ideally does not modify many registers.
2. A long termination gadget: a call-preceded gadget that is long enough for kBouncer to not classify it as a gadget: there must be at least 20 instructions along every possible control path from the start of this gadget to any indirect branch.

(a) Flushing Gadgets

    (1)     pop ebp
            ret

    (2)     jmp A
            ...
        A:  mov eax, 3
            ret

    (3)     cmp eax, 6
            jbe B
            ...
        B:  ret

    (4)     xor eax, eax
            ret

    (5)     mov [eax], 0
            ret

(b) Termination Gadget

            add [esp+17Ch], ebx
            mov ebx, [esp+17Ch]
            sub ebx, ebp
            jmp A
            ...
        A:  add [esp+64h], ebx
            jmp B
            ...
        B:  mov esi, [esp+1C0h]
            lea eax, [esi*8-4]
            sub eax, [esp+64]
            and eax, 7h
            mov edi, [esp+64]
            lea eax, [edi+eax+4]
            shr eax, 3
            cmp eax, esi
            jbe C
            ...
        C:  mov eax, [esp+1C0h]
            add esp, 19Ch
            pop ebx
            pop esi
            pop edi
            pop ebp
            ret

Figure 3: Examples of the two types of gadgets used by our history-hiding attack on kBouncer. A flushing gadget flushes the contents of the LBR. A termination gadget brings the system into a valid state.

We use these two gadgets as follows. First, we repeatedly use the flushing gadget to completely clear the contents of the LBR until it only contains the flushing gadget repeated 16 times. Though the LBR has been flushed and contains no history of the previous ROP attack, the state is still not valid. If kBouncer were to be invoked at this point, every entry in the LBR would be classified as a gadget by kBouncer and an attack would be detected.

We now use the termination gadget. The purpose of this gadget is to bring the LBR into a valid state by making at least one of the last eight entries in the LBR have length greater than 20. That is, the termination gadget is used to terminate kBouncer's backwards search for gadget-like sequences. We make no assumptions about the register state after the termination gadget is executed: the only requirement is that after we use it, we still have control of instruction flow.
    4a833dd4  dec ecx
    4a833dd5  fmul [4A88BBC8h]
    4a833ddb  jne 4A833DD4

Figure 4: An example of a context switch gadget found in icucnv36.dll.

Note that during the first step where the attacker prepares memory, the attacker may perform arbitrarily complex calculations. This may make it possible to initialize registers and memory so that executing the flushing gadgets and then the termination gadget results in exactly the desired state to issue the syscall. However, this is not always possible. For example, the termination gadget may set eax to 0, but issuing the syscall may require eax to be 7. Our attack handles this situation by later restoring register state (described below).

Because the termination gadget is over twenty instructions long and might contain conditional branches, it is sometimes necessary to initialize registers and memory to meet the preconditions for successful execution of the termination gadget. First, we need to ensure that any conditional branches in the termination gadget will be followed in a specific manner. Second, memory reads and writes must not fault and crash the process. This is often as easy as initializing registers to specific values before using the termination gadget. We have found that termination gadgets are very common, and that it is often easy to find termination gadgets that perform only a few conditional branches and memory reads and writes (see §8.3.1).

History hiding by itself does not defeat kBouncer, but it simplifies the attacker's job from expressing the entire attack using call-preceded gadgets to expressing only the final step of the attack using call-preceded gadgets.
Hiding history through context switching. We also found an alternative way to flush history. The LBR is shared across all user-space processes. This lets us flush the LBR using a single gadget, the context switch gadget. A context switch gadget is one that will run for many seconds and will not contain any indirect branches. The simplest way to find such a gadget is to look for loops that perform a very limited computation using only registers (see Fig. 4 for one such example).

To flush the LBR, we call the context switch gadget once. Due to the number of cycles this gadget takes to execute, it is almost certain that there will be several context switches to other user threads during its execution. When this happens, the other thread will write its own entries to the LBR, flushing all history of our prior attack. Eventually, when our context switch gadget finishes, the LBR will be in a valid state as long as the other process was not under attack, as the LBR is now full of innocuous entries from the other process.

Future hardware could save and restore the LBR on context switches, which would prevent this method of history flushing. Therefore, we did not use this approach in our case studies (§8); instead, we used flushing and termination gadgets, which would suffice to hide history even if the LBR was saved and restored on each context switch.
5.2.4 Restoring Registers with Returns

We must now restore the registers to their desired values in order for the syscall to proceed. This is by far the simplest step and can usually be accomplished with a few gadgets that pop register values off the stack. kBouncer will be able to observe each gadget we use, so each one must be call-preceded and we must use fewer than eight.

This step is often very easy because of the x86 calling convention: the procedure being called must restore almost all of the registers, so procedures tend to begin by pushing all of the registers onto the stack and end by popping those values off to restore them. This allows us to find a gadget that pops all the registers off the stack and then returns. Usually, we can find all the (call-preceded) gadgets we need in this way.
5.2.5 Restoring Registers without Returns

There are other ways to restore register state. We now discuss four alternative methods. The first two are existing techniques that can be applied here, but in our experience are difficult to apply in practice due to the fact that we must use fewer than eight gadgets. We have found the latter two techniques more applicable in practice.

ROP without return instructions. Checkoway et al. found it is possible to mount a ROP attack by looking for a pop followed by an indirect jump (e.g., pop edx; jmp *edx) [8]. This instruction sequence is functionally identical to a ret, and so can simply be used in its place. However, these sequences are less common.

Jump Oriented Programming (JOP). JOP attacks use register-indirect jumps to chain gadgets together. Unfortunately, each useful gadget must be followed by a dispatcher gadget, which is used for chaining. Since we must restore register state with at most eight gadgets, if we want to use JOP, we are limited to four useful JOP gadgets.

Using Non-Call-Preceded Gadgets. Occasionally, it may be easier to use non-call-preceded gadgets. We can invoke a non-call-preceded gadget using a reflector gadget. A reflector gadget is a call-preceded gadget that ends in a register-indirect jump; it can be used to jump to any gadget we like, call-preceded or not. This is because kBouncer imposes no constraints on indirect jumps. Our experience is that this trick is rarely needed in practice, but sometimes it makes constructing the attack easier.

Call Oriented Programming (COP). We have found an alternate method of mounting ROP-like attacks without using ret instructions. We call our approach Call-Oriented Programming (COP). Instead of using gadgets that end in returns, we use gadgets that end with indirect calls. This may at first seem trivially similar to jump-oriented programming, but there is one important distinction: indirect calls are usually memory-indirect (the location to which control is transferred is determined by a value in memory, not directly by the value of a register). As a result, COP attacks do not require a dispatcher gadget.

In a COP attack, gadgets are chained together by pointing the memory-indirect locations to the next gadget in sequence. The initialization of these memory locations can be done in advance. This allows our attack to set up these memory locations before the history hiding, then restore register state using COP gadgets. As long as fewer than eight COP gadgets are used, kBouncer will detect no attack. When mounting a COP attack, it is trivial to directly issue the desired system call as well: the final gadget in the sequence will point to the system call to be issued.

We have found that memory-indirect calls, and in particular COP gadgets, are common. They are even more common than call-preceded gadgets that end in a ret. There are two reasons why this is the case. First, with dynamically linked libraries, all calls to functions outside of the current module are indirect calls, because the function location is not known in advance. Second, most object-oriented code relies on memory-indirect calls (e.g., the vtable in C++).

COP attacks do not eliminate the need for ret-based gadgets. Initializing a COP attack is much more difficult: the attacker must have control of program flow, must overwrite specific indirect-call locations, and must control the stack. This usually is not possible with a single exploit. Therefore, it is natural to combine a ROP attack (for initial setup) with a COP attack (for restoring registers).
5.2.6 Issuing the System Call

The final step of our attack is to issue the desired syscall. We usually accomplish this by calling the appropriate libc or kernel32 wrapper function.

There is one complication. We cannot simply return directly to the beginning of the desired function (e.g., mprotect, VirtualProtect) as a normal ROP attack would. When kBouncer is in place, this is not possible: the attack would fail because the start of this function is not call-preceded. We have found three different ways to call a function without directly returning to it.

1. We can use a reflector gadget: a call-preceded gadget that ends with a register-indirect jump. This allows us to simply set a register to point to the function we wish to call and then return to the reflector gadget. This is the simplest approach if a reflector gadget can be found.
2. It is still possible to exploit the desired function even if no reflector gadgets are available. This is achieved by finding a call to the desired function somewhere in the program's code and looking backwards in the instruction sequence for a preceding call. Fig. 5 shows an example where the msvcr71.dll binary directly calls VirtualProtect.
3. It is sometimes possible to return into the middle of a desired function, right after a call instruction. For example, execv() launches a shell with a string and an array of arguments (Fig. 6). If we initially initialize rax to contain a valid environment pointer, we can call execv by returning directly to, which is call-preceded.

Any of these can be used to complete our attack.

            call [7C37A094]
        A:  mov eax, [_osplatform]
            jmp B
            ...
        B:  dec eax
            neg eax
            sbb eax, eax
            and eax, 103
            lea ecx, [ebp-0Ch]
            push ecx
            inc eax
            push eax
            push [EBP-8]
            push [EBP-4]
            call [VirtualProtect]

Figure 5: A call-preceded call to VirtualProtect in msvcr71.dll. The attacker can return directly to A.
5.3 Evasion Attack

Our history hiding attack breaks kBouncer by taking advantage of its limited history. If kBouncer were extended to have a complete view of history, would it become more effective? We show that, even if the LBR were of infinite size, kBouncer could still be broken by an evasion attack.

Our attack is similar to the history hiding attack (§5.2), except that the initial preparation phase is mounted using only call-preceded gadgets. This eliminates the need for a flushing gadget, the only piece that an infinite-LBR kBouncer would preclude. Therefore, our attack consists of a (call-preceded) setup, a (call-preceded) termination gadget, followed by (call-preceded) register restoration and syscall. This yields a successful evasion attack on kBouncer.

    push rbp
    mov rbp, rsp
    push r14
    push rbx
    mov r14, rsi
    mov rbx, rdi
    call _NSGetEnviron
    mov rdx, [rax]
    mov rdi, rbx
    mov rsi, r14
    call execve
    mov eax, -1
    pop rbx
    pop r14
    pop rbp
    ret

Figure 6: Disassembly of the execv function in libc on our system. The call to NSGetEnviron allows a call-preceded return directly into this function.

By using only call-preceded gadgets and by breaking up the chain of short gadgets with a long termination gadget, kBouncer can see the entire attack but still will not recognize it as an attack. Our experiments show that if over 70KB of program text is available, then there are enough call-preceded gadgets that this attack is possible (see §8.2).
6 Defeating ROPecker

6.1 Overview of ROPecker

ROPecker [11] is a ROP defense that builds on ideas found in kBouncer. ROPecker differs from kBouncer by running its inspection method more frequently and inspecting the program state more thoroughly at the time of inspection. The actual policy it enforces is very similar to the kBouncer policy.

In ROPecker, only a few pages are ever marked executable at one time. We call these pages the executable set. Whenever a page not in the executable set is executed, a page fault is generated and ROPecker pauses process execution to check for an attack. If ROPecker does not detect an attack, it marks the new page as executable, marks the least recently executed page as non-executable, and resumes the process. ROPecker also runs its detector whenever the process invokes a syscall as kBouncer does.

ROPecker's detector is more sophisticated than kBouncer's in that it both looks at the recent past and projects forward into the near future. Similar to kBouncer, ROPecker classifies the current state as an attack if there is a long chain of gadget-like sequences in the LBR (the recent past). In addition, ROPecker attempts to emulate what will happen in the near future once the process is resumed. It counts the number of gadget-like sequences that are about to execute. If the sum of the number of gadgets found in the LBR and the number of gadgets looking forward exceeds some threshold, ROPecker classifies this as an attack.

ROPecker's emulation works by disassembling the instruction stream from the instruction that is about to execute when the page fault occurs. If there is a short sequence of instructions that leads to an indirect jump, ROPecker classifies this as a potential gadget. ROPecker will then emulate the effects of each of the instructions leading to the indirect jump in order to compute where this jump will go. ROPecker follows this indirect jump and starts disassembling again. When it reaches an instruction where there is not a short sequence of instructions leading to an indirect jump, it stops the search. ROPecker then counts the number of indirect jumps followed, and classifies each of those as gadgets.

ROPecker verifies that from the current execution point there are not 11 gadget-like sequences of instructions.³ ROPecker classifies an instruction sequence as a gadget if it contains six or fewer instructions ending in an indirect branch, with no direct or conditional branches along the way.
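A model of when the page-fault check described above runs and what it counts, over constructed execution segments. This is an added example, not code from the paper or from ROPecker; the executable-set size of two pages, reading the threshold as "11 or more", and all names are assumptions made here, and the check at system calls is left out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define EXEC_SET_PAGES    2  /* assumption: the text only says "a few pages" */
#define LBR_DEPTH        16  /* how far back the recorded past reaches */
#define GADGET_MAX_INSNS  6  /* six or fewer instructions: gadget-like */
#define CHAIN_THRESHOLD  11  /* assumption: 11 or more gadget-like segments is an attack */

/* A run of instructions ending in an indirect branch (hypothetical layout). */
struct segment { unsigned page; unsigned insns; bool has_direct_branch; };

static bool gadget_like(const struct segment *s)
{
    return s->insns <= GADGET_MAX_INSNS && !s->has_direct_branch;
}

/* Executable set kept in recency order: slot 0 is the most recently executed page. */
struct exec_set { unsigned page[EXEC_SET_PAGES]; size_t used; };

/* Record execution on `page`; returns true if that raised a page fault. */
static bool touch(struct exec_set *es, unsigned page)
{
    size_t i, pos = es->used;
    for (i = 0; i < es->used; i++)
        if (es->page[i] == page) { pos = i; break; }
    bool fault = (pos == es->used);
    if (fault) {
        if (es->used < EXEC_SET_PAGES)
            es->used++;
        pos = es->used - 1;        /* new slot, or the least recently executed page */
    }
    for (i = pos; i > 0; i--)      /* shift newer pages down, put this one on top */
        es->page[i] = es->page[i - 1];
    es->page[0] = page;
    return fault;
}

/* Consecutive gadget-like segments immediately before index i (the recent past). */
static size_t chain_back(const struct segment *t, size_t i)
{
    size_t n = 0;
    while (n < i && n < LBR_DEPTH && gadget_like(&t[i - 1 - n]))
        n++;
    return n;
}

/* Consecutive gadget-like segments starting at index i (the emulated future). */
static size_t chain_fwd(const struct segment *t, size_t len, size_t i)
{
    size_t n = 0;
    while (i + n < len && gadget_like(&t[i + n]))
        n++;
    return n;
}

/* Index of the segment at which the detector reports an attack, or -1.
 * *checks receives the number of times the detector ran. */
long first_detection(const struct segment *t, size_t len, size_t *checks)
{
    struct exec_set es = { {0}, 0 };
    *checks = 0;
    for (size_t i = 0; i < len; i++) {
        if (!touch(&es, t[i].page))
            continue;              /* page already executable: detector does not run */
        (*checks)++;
        if (chain_back(t, i) + chain_fwd(t, len, i) >= CHAIN_THRESHOLD)
            return (long)i;
    }
    return -1;
}

/* Constructed sample traces (not captured from any real process). */
enum sample { S_CHAIN_ON_FRESH_PAGE, S_CHAIN_ON_LOADED_PAGE, S_CHAIN_CROSSES_PAGE };

static size_t put(struct segment *t, size_t n, unsigned page, unsigned insns)
{
    for (size_t i = 0; i < n; i++)
        t[i] = (struct segment){ page, insns, false };
    return n;
}

static size_t build(enum sample s, struct segment *t)
{
    size_t n = 0;
    n += (s == S_CHAIN_ON_FRESH_PAGE) ? 0 : put(t + n, 1, 7, 40); /* ordinary code on page 7 */
    if (s == S_CHAIN_ON_FRESH_PAGE)  n += put(t + n, 12, 1, 3);
    if (s == S_CHAIN_ON_LOADED_PAGE) n += put(t + n, 12, 7, 3);
    if (s == S_CHAIN_CROSSES_PAGE) { n += put(t + n, 5, 7, 3); n += put(t + n, 7, 8, 3); }
    return n;
}

long sample_detection(enum sample s)
{
    struct segment t[32]; size_t checks;
    return first_detection(t, build(s, t), &checks);
}

size_t sample_checks(enum sample s)
{
    struct segment t[32]; size_t checks;
    first_detection(t, build(s, t), &checks);
    return checks;
}

int main(void)
{
    for (int s = S_CHAIN_ON_FRESH_PAGE; s <= S_CHAIN_CROSSES_PAGE; s++)
        printf("sample %d: detected at segment %ld after %zu check(s)\n", s,
               sample_detection((enum sample)s), sample_checks((enum sample)s));
    return 0;
}
```

In the second sample the twelve short segments run on a page that is already in the executable set, so the detector is invoked once, on the initial page load, and never again.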
6.2 The Repeated History Hiding Attack

6.2.1 Attack Overview

We show how to break ROPecker using a repeated history hiding attack. This attack repeatedly invokes the history-hiding primitive, introduced in §3.3, just before ROPecker's detector is about to execute.

We again define a state to be valid if the inspection method will not detect an attack. The state must be valid at two points in time: whenever a new page is loaded into the executable set and whenever a syscall is executed.

Our attack alternates between three phases, as depicted in Fig. 7. The loading phase loads useful pages into the executable set. The attack phase invokes gadgets on these pages. The flushing phase mounts the history hiding attack from §5.2 using only gadgets from the pages that are in the executable set. We may need to execute each of these three phases multiple times to achieve our goal. We conclude with one final step which actually issues the desired syscall after restoring the required state.

Figure 7: An overview of the repeated history hiding attack on ROPecker. L_n gadgets load page n. L_t loads the termination gadget. G_n invokes a gadget on page n. F is a short flushing gadget, and T is a long termination gadget.

Because we use only gadgets in the executable set during each attack phase, ROPecker's detector will execute only when new pages are loaded, which allows us to reason about what will be visible to ROPecker.

³ The ROPecker paper does not pick a specific parameter for the maximum number of gadgets that may execute consecutively. It suggests this number is chosen between 11 and 16, so we conservatively pick 11. Our attacks are made easier if a larger number is chosen.
6.2.2 Attack Phases

Initialization. Prior to our attack, we insert a termination gadget, which will stop ROPecker from looking further back in the LBR. This long termination gadget is identical to the one used in the kBouncer attacks. This ensures that when ROPecker next runs, it will not count any functions on the call stack prior to initialization as gadgets.

Loading Phase. We load useful pages into the executable set by invoking a page load gadget on each page we want added to the executable set. A page load gadget is any call-preceded gadget on that page, which has two properties: first, it must leave the attacker with control of the instruction flow; and second, it must not crash the process. These two requirements are not difficult to meet: any useful gadget is also a page load gadget.

The ROPecker detector will run immediately before each page load gadget is invoked. After invoking each set of page load gadgets we call the termination gadget to prevent the detector from looking forward any farther into the future.

ROPecker will not detect an attack because each sequence of page load gadgets is immediately preceded and followed by a termination gadget. When a page fault occurs, ROPecker will count the number of visible gadgets looking backwards in the LBR and forwards as far as it can see. Looking backwards will stop at the preceding termination gadget, and looking forward will stop at the subsequent termination gadget. Thus, ROPecker will count the number of page load gadgets. By limiting the number of consecutive page load gadgets, the attacker can evade detection during this phase.

Attack Phase. Now that the useful pages have been loaded, we can use any gadgets on these pages to mount an attack, ignoring any defense which may be running. As long as we use only gadgets on these pages, the defense will never trigger.

Recall that these three phases are repeatedly executed, so no one attack phase needs to perform the entire attack. Instead, the attack can be distributed among multiple attack phases, making each one simpler.

History Hiding. After invoking gadgets on these pages, we now use the history flushing primitive before the detection method next runs. We use the same method we applied against kBouncer to clear the LBR. In particular, we invoke a short flushing gadget enough times to fill the LBR with innocuous entries, then invoke the long termination gadget (which was loaded previously). When the ROPecker detector next runs, it will see no attack prior to this point in time.

6.2.3 Segmenting the Attack Payload

When mounting this attack, we must carefully pick which tasks to perform during each attack step. Because the flushing and termination gadgets clobber some register state between each attack step, it is important to pick small independent operations for each step of the attack.

For any given attack, it may not be possible to modify it to work as an attack which bypasses ROPecker. Instead, attacks must be formed with ROPecker in mind. Each step in the attack must be constructed to use only a limited number of gadgets, so that its work can be saved before loading in a new set of gadgets.

Often, we start by computing the address of the desired libc function we wish to call (e.g., mprotect) either by adding a constant to the address of some other function in libc, or by loading it directly. We store the result in memory. In the next attack step, we compute the address of the page we wish to mark as executable (typically on the stack). We continue in this way, computing any other needed constants in separate attack steps. We then restore register values and call mprotect on the desired page. Finally we can execute a traditional payload with data we have written to this page.

6.2.4 Selecting Pages to Load

Since the executable set can contain only a few pages at one time, we must choose these pages with care. The naive approach is to select each page to load for one useful gadget on that page, and call each gadget exactly once. We have found that this simple method works well in practice in most cases. Because the flushing and termination gadgets may clobber a few registers, we may need to reserve one or two of those gadgets to load and save registers to memory, so that a task can be partially completed in one attack step.

A more advanced method is to pick pages that contain multiple gadgets. In our evaluation, we found that in practice there tend to be many "useful" gadgets on the average page. Thus, by selecting the pages carefully, we can find pages with enough useful gadgets. This is enough that we can attack ROPecker even when the size of its executable set is limited to just one or two pages.

6.2.5 Issuing the Syscall

Once we have executed sufficient load/attack phases to set up the state of the process, we append one final step to actually issue the desired syscall. This step is not executed multiple times: it is done only once at the very end.

During this step, we flush history, invoke the termination gadget, and then issue the syscall using one of the three methods from §5.2.6. We perform this step using at most 10 gadget invocations so that ROPecker will not detect an attack when it examines the LBR at the syscall.

Conveniently, it is possible to use any gadget in the entire binary during this step, even if it is not contained within the executable set. No page loading gadgets are needed. This works because there will be at most 10 gadgets between the termination gadget and the syscall. Thus, even though ROPecker's detector may run during this step (if we use a gadget that's not in the executable set), its count of the number of gadgets will be below 11, the threshold for detecting an attack.

Note that, in particular, an attack which requires fewer than ten gadgets to execute can skip the load/attack phases and directly issue the syscall in this way.

6.3 The Evasion Attack

We now present the ROPecker evasion attack, an alternate attack that would break ROPecker even if the size of the executable set were reduced to just one page. As a side benefit, in our experience the evasion attack makes it easier to automate attacks in practice than the repeated history hiding attack of §6.2.

At a high level, the idea is that we will let ROPecker inspect the execution of our attack at arbitrary points in time. We ensure that no matter when its detector runs, it will never detect an attack. We achieve this through an evasion attack similar to the one presented on kBouncer (§5.3).

The ROPecker evasion attack works by inserting a termination gadget in between every ten useful gadgets. When the detector runs, it will check forward and backward to count the number of gadgets in use; there will be fewer than 11 gadgets, the threshold for detection, so ROPecker will not detect the attack.

The authors of ROPecker note that this attack may be possible in §VII(b) of their paper [11]. They propose a mitigation for such an attack. We show that even their mitigation is broken.

The ROPecker mitigation. ROPecker detects an attack if there are more than ten consecutive gadgets. The extended version of ROPecker records how many gadgets existed in previous runs of the detector. It detects an attack if the number of gadgets which executed in the last T runs is larger than some threshold. While it is possible for there to be 10 sequential gadget-like returns in benign program execution, it is unlikely for there to be 10 sequential gadget-like returns T times in a row.

Conceptually, this is analogous to running the detection mechanism both forwards and backwards, allowing up to T-1 long gadgets before stopping the search. An attack is detected if the number of gadgets found by this extended search is greater than some threshold.

This defense does not help against our repeated history hiding attack. In that attack, ROPecker only ever sees as many gadgets as pages that are being loaded. This constant is usually very small (e.g., two or four). The ROPecker authors observed that benign execution does occasionally execute four sequential gadget-like chains (with frequency 0.58%). This frequency is large enough that signaling an attack if there are four gadgets repeated three times would cause too many false positives.

Breaking the mitigation. The extended version of ROPecker can be broken by a simple modification of our evasion attack: instead of invoking the termination gadget once, invoke it T times in a row. We alternate making one step of useful progress (with ten useful gadgets) with invoking the termination gadget T times. This prevents ROPecker from detecting consecutive long chains of gadgets. Instead, it sees a long chain followed by several short chains, which will not trigger the defense.

Practicality. One might wonder whether evasion attacks are practical. If, between every ten useful operations, we must potentially destroy our progress, can we achieve any useful computation?

We found it is still possible to perform useful tasks even when inserting a termination gadget (or, potentially, multiple termination gadgets) in between every ten useful gadgets (see §8.3). We save register state to memory before each termination gadget and restore it afterwards. It is only necessary to save and restore registers that are both clobbered by the termination gadget and used by the rest of our attack. In our experience, it is often possible to find termination gadgets that only clobber one or two registers. This allows for many gadgets that make forward progress, with a few dedicated to saving and restoring state.
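
The threshold logic of §6.3 can be modelled to see what each check actually counts when tuning a detector. This is an added example, not code from the paper or from ROPecker: it replays constructed traces (each entry is an assumed instruction count between two indirect branches) through the basic 11-gadget check and the extended T-run check. The cumulative threshold of 15, the trace contents and all function names are assumptions.

```python
"""Model of a ROPecker-style chain detector over abstract, constructed traces."""
from typing import Dict, List, Tuple

MAX_GADGET_INSNS = 6       # page: a gadget is a sequence of six or fewer instructions
CHAIN_THRESHOLD = 11       # page: 11 consecutive gadgets is the detection threshold
CUMULATIVE_THRESHOLD = 15  # assumption: the page only says "some threshold"


def is_gadget_like(insn_count: int) -> bool:
    """Short instruction sequences ending in an indirect branch count as gadgets."""
    return insn_count <= MAX_GADGET_INSNS


def max_gadgets_tolerating(trace: List[int], max_long: int) -> int:
    """Most gadget-like entries in any contiguous window of the trace that
    contains at most max_long long (non-gadget) sequences."""
    best = left = longs = gadgets = 0
    for count in trace:
        if is_gadget_like(count):
            gadgets += 1
        else:
            longs += 1
        while longs > max_long:          # shrink the window from the left
            if is_gadget_like(trace[left]):
                gadgets -= 1
            else:
                longs -= 1
            left += 1
        best = max(best, gadgets)
    return best


def basic_detects(trace: List[int]) -> bool:
    """Basic check: the search stops at the first long sequence in each direction."""
    return max_gadgets_tolerating(trace, 0) >= CHAIN_THRESHOLD


def extended_detects(trace: List[int], runs: int) -> bool:
    """Extended check (T = runs): tolerate up to T-1 long sequences in the search."""
    cumulative = max_gadgets_tolerating(trace, runs - 1)
    return basic_detects(trace) or cumulative > CUMULATIVE_THRESHOLD


def segmented(useful: int, separators: int, segments: int) -> List[int]:
    """Constructed trace: runs of short sequences split by long ones."""
    return ([3] * useful + [20] * separators) * segments


# Constructed sample traces (instruction counts only, no real program data).
TRACES: Dict[str, List[int]] = {
    "benign": [30, 4, 25, 3, 5, 40, 12, 2, 18],
    "plain_chain": [40] + [3] * 15 + [40],
    "one_separator": segmented(10, 1, 3),
    "three_separators": segmented(10, 3, 3),
}


def verdicts(runs: int = 3) -> Dict[str, Tuple[bool, bool]]:
    """Map trace name -> (basic detector fires, extended detector fires)."""
    return {name: (basic_detects(t), extended_detects(t, runs))
            for name, t in TRACES.items()}


if __name__ == "__main__":
    for runs in (3, 4):
        for name, (basic, extended) in verdicts(runs).items():
            print(f"T={runs} {name:17s} basic={basic!s:5} extended={extended}")
```

In this model the last trace is flagged only once T exceeds the number of long sequences separating its segments.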

6.4 Attack Comparison

These two attacks are useful in different circumstances. The most important difference is when the detection mechanism runs. In repeated history hiding, the detection only ever runs after a history flush, and so the defender can never even see what the attacker is doing. In the evasion attack, the defender is continuously monitoring the attack progress.

This leads to the key distinction between the two attacks. In repeated history hiding, we have a very limited set of gadgets, but may use them an unbounded number of times before flushing. In the evasion attack, we have all of the gadgets in the program available to us, but must flush every ten gadgets.

7 Fixable Attacks on ROPecker

We now discuss several ways in which ROPecker is broken that our attack does not rely on. That is, the attacks discussed in the previous sections work even if we improve ROPecker's detection mechanisms to prevent each of the following specific attacks. We believe these modifications are possible, and it is only the engineering difficulties of obtaining a low overhead that explains why they are not currently implemented. Because of this, we do not base our previous attack on these fixable implementation issues.

Gadget definition does not allow any branches. ROPecker's definition of a gadget is overly specific and does not allow gadgets to contain either direct or conditional branches. In comparison, we have found that kBouncer's definition of a gadget is strong: it is difficult to find gadgets of length twenty or more that perform useful computation.

ROPecker's choice to not follow any direct or conditional branches is a flaw that, while allowing for a more efficient implementation, makes exploitation nearly trivial. This decision allows an attacker to flush the LBR, and to stop the forward-inspection algorithm, with a no-op-like gadget that jumps directly to a return instruction. This form of gadget is pervasive in program binaries and allows for a much simpler termination gadget that does not clobber any register state. In fact, when evaluating the practicality of our attacks on kBouncer before becoming aware of ROPecker, nearly all of our exploits contained at least one useful gadget that would not be classified as a gadget by ROPecker's definition.

Gadget chain threshold is too short. ROPecker's choice to define gadgets as being a sequence of six or fewer instructions makes it nearly trivial to find gadgets that have a predictable behavior while still being classified as a non-gadget by ROPecker. For example, on 64-bit systems, the gadget consisting of popping off registers r10 through r15 followed by a ret is seven instructions long: not only is this a useful gadget, it is very common. ROPecker's failure to recognize it as a gadget is a serious limitation of ROPecker.

The set of risky system calls is not complete. ROPecker's set of risky system calls is too limited and needs to be updated to more closely match those used in kBouncer. Because ROPecker is designed for Linux and kBouncer for Windows, we cannot simply replace one with the other. However, other than performance reasons, there is no reason to not defend all system calls.

8 Evaluation

The attacks discussed in the previous sections are practical. We evaluate these attacks by modifying real-world exploits, as well as by demonstrating that only 70KB of code is needed to mount purely call-preceded attacks.

8.1 Our Tool

We built a tool to assist our efforts in finding attacks on real-world exploits. It does not automatically break either of these two defenses, but assists in finding useful gadgets. We wrote our tool as a 1K line Python program. It takes as input a disassembled object file (from objdump), and therefore only inspects intended instruction sequences: even though there may be unintended instruction sequences which are call-preceded, we ignore these.⁴

Our tool first enumerates all potential call-preceded gadgets. We implemented a simple symbolic execution framework to determine the effects of each of these potential gadgets. This system is not complete, but it models some of the effects of many common instructions.⁵ It computes and outputs the path constraints that must hold to follow the conditional branches in a gadget. It also outputs the list of modified memory locations, accessed memory locations, and the new values of updated registers at the end of execution.

The tool returns a list of gadgets sorted by ease of use: gadgets with fewer conditional branches and fewer memory locations which must be valid rise to the top. Each gadget is marked with a hint on how it might be useful (e.g., that the gadget is a memory-load gadget, or that it computes the sum of two registers). It also provides us with a list of termination gadgets, sorted by ease of use and the number of other registers they clobber.

⁴ Even though ROPecker does not enforce gadgets are call-preceded, we still use this tool to evaluate ROPecker, as we find it is sufficient to identify useful sequences.

Binary           Setup  Flush  Syscall
diff                 8      3        2
grops                4      3        4
lsof                12      2        3*
ltrace               4      2        2
grub-mkimage         4      4        3
strace              17      4        2*
pic                 11      2        3
apt-get             14      3        2*
info                13      3        3*
apt-ftparchive       4      3        2

Table 1: The number of gadgets for the three steps in our kBouncer attack for binaries from /usr/bin/. Entries marked with an asterisk have success probability of ≥99.99%, the rest with 100%.

8.2 Fully Call-Preceded Attacks

How practical are fully call-preceded ROP attacks? Our measurements indicate that they are quite practical.

The Q ROP compiler [26] is able to mount a ROP attack in 80% of binaries over 20KB in size. Given that only 6% of gadgets Q finds are call-preceded, we would expect that with 333KB of binary, we could achieve similar results. We actually found that it is possible to exploit 10 out of 10 programs we analyzed of size 70KB or larger.

We analyzed 10 binaries from /usr/bin on Ubuntu 12.04. In particular, we selected the first 10 binaries that have ASLR disabled and have more than 20k instructions (70KB binary size). In all 10 cases, we were able to find enough gadgets to mount a fully call-preceded history hiding ROP attack on kBouncer.

Table 1 shows, for each of these ten binaries, the number of gadgets used in each of the three phases of our ROP attack. Attacks marked with an asterisk have a success probability of ≥99.99% due to the possibility of a module crossing a 32-bit boundary. All other attacks have a 100% success probability. In each of these binaries, we use only the code present in the actual binary, not any other linked libraries.

We are not arguing that these binaries are vulnerable to attack; we are only attempting to determine how much program text is required to mount fully call-preceded attacks.

We believe there to be two main reasons why we were so successful. First, we manually analyzed these binaries in order to construct a ROP attack, whereas Q is an automated tool. However, given Q's sophisticated analysis, we do not believe this accounts for all of the difference. We suspect that even though only 6% of gadgets are call-preceded, they have more diversity and thus are disproportionately likely to cover the space of different kinds of gadgets that are needed.

⁵ The most important deficiencies in our tool are as follows: we implement only the thirty most-used instructions (covering 99% of instructions used in our binaries), we ignore segment registers, we do not track several of the flags set by instructions, and we do not properly handle referencing variable register widths. Despite this, we have found our tool to be accurate in the vast majority of cases.

8.3 Modifying Real-World Exploits

We now evaluate the difficulty of modifying real-world exploits to bypass both kBouncer and ROPecker. To choose our exploits, we pick the ROP attacks that were shown to be prevented by kBouncer and ROPecker. For kBouncer, we show how all four of these attacks can be modified so kBouncer will not detect them. We finally modify the one real-world exploit which ROPecker is shown to prevent to bypass ROPecker.

8.3.1 kBouncer Exploits

We modified four real-world exploits to bypass kBouncer. None of the modifications to these exploits took us significant effort. Once we were able to reproduce the exploit on our machine, each exploit took under half of a day's worth of work to make it bypass kBouncer. Given the long and difficult exploitation development process, we do not think this is meaningfully harder, especially for well-trained exploit developers.

MPlayer Lite r33063. This program [19] had a stack-based buffer overflow vulnerability, which was exploited by overwriting the SEH pointer [20]. The avcodec-52.dll does not have ASLR enabled. This dll is 10MB, and contains plenty of gadgets: there were 748 potential termination gadgets with two or fewer conditional branches. The first of these that we tried worked, and was given previously in Fig. 3(b).

Adobe Reader 9.3.4. This Adobe Reader exploit uses a sophisticated JavaScript vulnerability and was built on the Metasploit framework [1]. This exploit relied on icucnv36.dll having ASLR disabled. This dll is 10MB and has 130 available termination gadgets with two or fewer conditional branches. We created a ROP chain to call VirtualProtect on a page and verified that code on this page in memory could be executed.

Adobe Flash 11.3.300. An integer overflow caused this vulnerability in Adobe Flash. This exploit was also built with the Metasploit framework [2]. The exploit relied on msvcr71.dll having ASLR disabled. This dll is 300KB and has 64 available termination gadgets. In this exploit, we were able to successfully change a page to be executable and spawn another process.

Internet Explorer 8. The final exploit we modified was in IE8 and also used Metasploit [3]. This exploit was the most difficult for us to modify, and required a manual stack-pivot to a controlled location so that we could invoke VirtualProtect in a call-preceded manner. We relied again on msvcr71.dll to spawn another process.

8.3.2 ROPecker Exploits

ROPecker was built as a Linux kernel module and was shown to stop two exploits. One of these two exploits by the authors is to exploit a 20-line example C program with a trivial stack overflow from ROPEME [17]. The other exploit is a real-world exploit in hteditor, which has a published vulnerability [33] they verified they defend against.

Because they only evaluate their defense on one binary, we have only this one binary to demonstrate our attack on. We evaluate our two methods of attack (repeated history hiding and evasion attacks) on this binary.

The public vulnerability disclosure included an exploitable version of the hteditor source. We downloaded this and compiled it for our system with stack protection disabled, as we want to test how well ROPecker defends against attack, not how well stack canaries work.

Evasion attack. We successfully mounted an evasion attack on hteditor. Our exploit required 12 gadgets. We split the attack into two 10-gadget segments, with the second segment calling execv by overwriting the GOT entry for strlen and finding a call-preceded intended call to it.

Repeated history hiding attack. We successfully mounted a repeated history hiding attack on hteditor assuming four pages in the executable set. Our attack consisted of three phases. In the first two phases we computed the address of execv, and in the third we called it. In the first phase, we were able to use a gadget twice that we loaded once.

9 Related Work

Randomization-based approaches. Address Space Layout Randomization (ASLR) and Address Obfuscation [5] were first introduced to make it more difficult to inject shellcode, and were later applied to the text segment to prevent ROP attacks. Shacham et al. demonstrated a de-randomization attack [28] on PaX ASLR.

Address Space Layout Permutation (ASLP) [16] is similar in many ways to ASLR but provides higher entropy by permuting the locations of functions. Other defenses extend this further by randomizing the addresses of individual instructions [15, 31].

Another technique replaces short sequences of instructions with alternate, functionally-identical, equal-length sequences, hindering an attacker's ability to use unintended gadgets [22]. A recent just-in-time code reuse attack [29] compiles ROP on the fly to bypass ASLR.

Control-Flow Integrity (CFI). Abadi et al. introduced control-flow integrity (CFI) [4] as a method of preventing attacks by restricting jump, call, and return instructions to follow the statically-determined control-flow graph of the program.

Due to the difficulty of obtaining a precise control-flow graph of the program, many defenses choose instead to enforce a less precise policy. Often, this policy simply requires that returns be call-preceded, and indirect calls point to the beginning of functions [34, 6, 32]. The attacks presented in this paper show these CFI-based defenses are weaker than previously thought. Since call-preceded ROP is possible, most of these defenses can be broken with that technique alone. Concurrent to this work, a detailed examination of attacks on many CFI-based schemes came to this same conclusion [14].

Runtime defenses. There are many other types of defenses that can best be described as runtime defenses. DROP [9] monitors the runtime behavior of the process and, nearly identically to ROPecker, if there is a long consecutive sequence of returns, each of which is shorter than a fixed length, the program is killed. Our work in this paper constitutes a total break of DROP.

ROPGuard [13] contains several heuristics to detect ROP attacks. One of these is the call-preceded defense introduced earlier. ROPdefender [12] implements a shadow-stack and verifies that all returns exist somewhere on the shadow-stack. Our work does not apply to shadow-stack defenses.

Recompilation-based defenses. Other defenses rely on recompilation to remove gadgets from the compiled binary. G-Free [21] does this by removing unintended return instructions and encrypting return addresses, so that ret-gadgets become nearly impossible to use. The return-less kernel [18] entirely removes the c3 byte (the opcode of ret) from all instructions, and replaces valid returns with a lookup into a table containing the valid return sites.

10 Conclusion

In this paper, we have presented three building blocks for ROP attacks that allow us to break two state-of-the-art ROP defenses. We demonstrate the practicality of our attacks by modifying real-world exploits to bypass these defenses.

More broadly, our work disproves two pieces of conventional wisdom: that ROP attacks only consist of short gadgets, and that ROP attacks cannot be effectively mounted in a call-preceded manner. Future defenses must take care to guard against attacks similar to ours.

Specifically, we suggest two particular requirements for future defenses. First, defenses should argue either that they can inspect all relevant past history or, if they have a limited history, that their limited view of history cannot be effectively cleared out by an attacker. Second, defenses that defend against one specific aspect of ROP must argue that it is a necessary component of one.

We believe an important open research question is to determine what properties are truly fundamental about ROP attacks that are different than typical program execution. We hope future work will explore how these fundamental differences can be exploited to create general-purpose defenses.

Acknowledgments

We gratefully acknowledge Matthias Payer, Michael McCoyd, Thurston Dang, and the anonymous reviewers for their helpful feedback. This research was supported by Intel through the ISTC for Secure Computing, by the AFOSR under MURI award FA9550-12-1-0040 and MURI award FA9550-09-1-0539, and by the National Science Foundation under grant CCF-0424422.

References

[1] Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow. http://www.rapid7.com/db/modules/exploit/windows/browser/adobe_cooltype_sing.
[2] Adobe Flash Player 11.3 Kern Table Parsing Integer Overflow. http://www.rapid7.com/db/modules/exploit/windows/browser/adobe_flash_otf_font.
[3] Microsoft Internet Explorer CButton Object Use-After-Free Vulnerability. https://www.rapid7.com/db/modules/exploit/windows/browser/ie_cbutton_uaf.
[4] Martín Abadi, Mihai Budiu, Ulfar Erlingsson, and Jay Ligatti. Control-flow integrity. In Proceedings of the 12th ACM conference on Computer and communications security, pages 340–353. ACM, 2005.
[5] Sandeep Bhatkar, Daniel C DuVarney, and Ron Sekar. Address obfuscation: An efficient approach to combat a broad range of memory error exploits. In Proceedings of the 12th USENIX security symposium, volume 120, 2003.
[6] Tyler Bletsch, Xuxian Jiang, and Vince Freeh. Mitigating code-reuse attacks with control-flow locking. In Proceedings of the 27th Annual Computer Security Applications Conference, pages 353–362. ACM, 2011.
[7] Erik Buchanan, Ryan Roemer, Hovav Shacham, and Stefan Savage. When good instructions go bad: generalizing return-oriented programming to RISC. In Proceedings of the 15th ACM conference on Computer and communications security, pages 27–38. ACM, 2008.
[8] Stephen Checkoway, Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Hovav Shacham, and Marcel Winandy. Return-oriented programming without returns. In Proceedings of the 17th ACM conference on Computer and communications security, pages 559–572. ACM, 2010.
[9] Ping Chen, Hai Xiao, Xiaobin Shen, Xinchun Yin, Bing Mao, and Li Xie. DROP: Detecting return-oriented programming malicious code. In Information Systems Security, pages 163–177. Springer, 2009.
[10] Shuo Chen, Jun Xu, Emre C Sezer, Prachi Gauriar, and Ravishankar K Iyer. Non-control-data attacks are realistic threats. In Proceedings of the 14th conference on USENIX Security Symposium, volume 14, pages 12–12, 2005.
[11] Yueqiang Cheng, Zongwei Zhou, Miao Yu, Xuhua Ding, and Robert H Deng. ROPecker: A generic and practical approach for defending against ROP attacks. NDSS 14, 2014.
[12] Lucas Davi, Ahmad-Reza Sadeghi, and Marcel Winandy. ROPdefender: A detection tool to defend against return-oriented programming attacks. In Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pages 40–51. ACM, 2011.
[13] Ivan Fratric and Elias Bachaalany. ROPGuard. http://code.google.com/p/ropguard/.
[14] Enes Göktas, Elias Athanasopoulos, Herbert Bos, and Georgios Portokalidis. Out of control: Overcoming control-flow integrity. In IEEE S&P, 2014.
[15] Jason Hiser, Anh Nguyen-Tuong, Michele Co, Matthew Hall, and Jack W Davidson. ILR: Where'd my gadgets go? In Security and Privacy (SP), 2012 IEEE Symposium on, pages 571–585. IEEE, 2012.
[16] Chongkyung Kil, Jinsuk Jim, Christopher Bookholt, Jun Xu, and Peng Ning. Address space layout permutation (ASLP): Towards fine-grained randomization of commodity software. In Computer Security Applications Conference, 2006. ACSAC'06. 22nd Annual, pages 339–348. IEEE, 2006.
[17] Long Le. Payload already inside: Data re-use for ROP exploits. Black Hat USA, 2010.
[18] Jinku Li, Zhi Wang, Xuxian Jiang, Michael Grace, and Sina Bahram. Defeating return-oriented rootkits with return-less kernels. In Proceedings of the 5th European conference on Computer systems, pages 195–208. ACM, 2010.
[19] Nate M. MPlayer (r33064 Lite) Buffer Overflow + ROP exploit. http://www.exploit-db.com/exploits/17124/.
[20] Brian Mariani. Structured exception handler exploitation. http://www.exploit-db.com/wp-content/themes/exploit/docs/17505.pdf.
[21] Kaan Onarlioglu, Leyla Bilge, Andrea Lanzi, Davide Balzarotti, and Engin Kirda. G-Free: defeating return-oriented programming through gadget-less binaries. In Proceedings of the 26th Annual Computer Security Applications Conference, pages 49–58. ACM, 2010.
[22] Vasilis Pappas, Michalis Polychronakis, and Angelos D Keromytis. Smashing the gadgets: Hindering return-oriented programming using in-place code randomization. In Security and Privacy (SP), 2012 IEEE Symposium on, pages 601–615. IEEE, 2012.
[23] Vasilis Pappas, Michalis Polychronakis, and Angelos D Keromytis. Transparent ROP exploit mitigation using indirect branch tracing. In Proceedings of the 22nd USENIX Conference on Security, 2013.
[24] Jonathan Pincus and Brandon Baker. Beyond stack smashing: Recent advances in exploiting buffer overruns. Security & Privacy, IEEE, 2(4):20–27, 2004.
[25] Marco Prandini and Marco Ramilli. Return-oriented programming. Security & Privacy, IEEE, 10(6):84–87, 2012.
[26] Edward J Schwartz, Thanassis Avgerinos, and David Brumley. Q: Exploit hardening made easy. In USENIX Security Symposium, 2011.
[27] Hovav Shacham. The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In Proceedings of the 14th ACM conference on Computer and communications security, pages 552–561. ACM, 2007.
[28] Hovav Shacham, Matthew Page, Ben Pfaff, Eu-Jin Goh, Nagendra Modadugu, and Dan Boneh. On the effectiveness of address-space randomization. In Proceedings of the 11th ACM conference on Computer and communications security, pages 298–307. ACM, 2004.
[29] Kevin Z Snow, Fabian Monrose, Lucas Davi, Alexandra Dmitrienko, Christopher Liebchen, and Ahmad-Reza Sadeghi. Just-in-time code reuse: On the effectiveness of fine-grained address space layout randomization. In Security and Privacy (SP), 2013 IEEE Symposium on, pages 574–588. IEEE, 2013.
[30] Minh Tran, Mark Etheridge, Tyler Bletsch, Xuxian Jiang, Vincent Freeh, and Peng Ning. On the expressiveness of return-into-libc attacks. In Recent Advances in Intrusion Detection, pages 121–141. Springer, 2011.
[31] Richard Wartell, Vishwath Mohan, Kevin W Hamlen, and Zhiqiang Lin. Binary stirring: Self-randomizing instruction addresses of legacy x86 binary code. In Proceedings of the 2012 ACM conference on Computer and communications security, pages 157–168. ACM, 2012.
[32] Yubin Xia, Yutao Liu, Haibo Chen, and Binyu Zang. CFIMon: Detecting violation of control flow integrity using performance counters. In Dependable Systems and Networks (DSN), 2012 42nd Annual IEEE/IFIP International Conference on, pages 1–12. IEEE, 2012.
[33] ZadYree. HT Editor 2.0.20 Buffer Overflow (ROP PoC). http://www.exploit-db.com/exploits/22683/.
[34] Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Laszlo Szekeres, Stephen McCamant, Dawn Song, and Wei Zou. Practical control flow integrity and randomization for binary executables. In Security and Privacy (SP), 2013 IEEE Symposium on, pages 559–573. IEEE, 2013.
