Function Risk Assessment Under Memory Leakage

Abstract

Code reuse attack (CRA), specifically reusing and then reconstructing the codes (gadgets) already existed in programs and libraries, is widely exploited in software attacks. Admittedly, determination of the location of the gadgets consisted of target instructions along with control flow transfer instructions, is of critical importance. Address Space Randomization (ASR), which serves as an effective technique to mitigate CRA, increases the entropy by randomizing the location of the code or data, and baffles adversaries from figuring out the memory layout. Currently, variable randomization methods of high granularity are proposed by scholars to prevent adversaries from deducting memory layout. However, their credibility on alleviating CRA is yet to be confirmed, especially when the suitable pointer is exposed to adversaries. In this paper, we focus on studying what kinds of function leakage can lead to a CRA more likely. A function risk assessment model focusing on function coupling is proposed to quantify the risk caused by the suitable function pointer leakage and it is extended to assess the risk of the whole program and library under the memory leakage. Our experimental results show that popular open-source software is vulnerable when certain code pointer is leaked to adversaries and even severer when the system library is accessible. In addition, suggestions to eliminate function coupling and evaluate the availability of randomization methods are further discussed.