Visible to the public Saffire: Context-sensitive Function Specialization against Code Reuse Attacks

TitleSaffire: Context-sensitive Function Specialization against Code Reuse Attacks
Publication TypeConference Paper
Year of Publication2020
AuthorsMishra, Shachee, Polychronakis, Michalis
Conference Name2020 IEEE European Symposium on Security and Privacy (EuroS P)
KeywordsComplexity theory, composability, human factors, Layout, Libraries, pubcrawl, Resiliency, return into libc, return oriented programming, rop attacks, Runtime, Scalability, Software, software debloating, software reliability, Transforms
AbstractThe sophistication and complexity of recent exploitation techniques, which rely on memory disclosure and whole-function reuse to bypass address space layout randomization and control flow integrity, is indicative of the effect that the combination of exploit mitigations has in challenging the construction of reliable exploits. In addition to software diversification and control flow enforcement, recent efforts have focused on the complementary approach of code and API specialization to restrict further the critical operations that an attacker can perform as part of a code reuse exploit. In this paper we propose Saffire, a compiler-level defense against code reuse attacks. For each calling context of a critical function, Saffire creates a specialized and hardened replica of the function with a restricted interface that can accommodate only that particular invocation. This is achieved by applying staticargumentbinding, to eliminate arguments with static values and concretize them within the function body, and dynamicargumentbinding, which applies a narrow-scope form of data flow integrity to restrict the acceptable values of arguments that cannot be statically derived. We have implemented Saffire on top of LLVM, and applied it to a set of 11 applications, including Nginx, Firefox, and Chrome. The results of our experimental evaluation with a set of 17 real-world ROP exploits and three whole-function reuse exploits demonstrate the effectiveness of Saffire in preventing these attacks while incurring a negligible runtime overhead.
Citation Keymishra_saffire_2020