Lightweight and Seamless Memory Randomization for Mission-Critical Services in a Cloud Platform

Joobeom Yun,Ki-Woong Park,Dongyoung Koo,Youngjoo Shin

doi:10.3390/en13061332

Joobeom Yun, Ki-Woong Park + Show 2 more

Open Access

https://doi.org/10.3390/en13061332

Copy DOI

Journal: Energies	Publication Date: Mar 13, 2020
Citations: 5	License type: CC BY 4.0

Affiliation: Sejong University, Hansung University, Kwangwoon University

Abstract

Nowadays, various computing services are often hosted on cloud platforms for their availability and cost effectiveness. However, such services are frequently exposed to vulnerabilities. Therefore, many countermeasures have been invented to defend against software hacking. At the same time, more complicated attacking techniques have been created. Among them, code-reuse attacks are still an effective means of abusing software vulnerabilities. Although state-of-the-art address space layout randomization (ASLR) runtime-based solutions provide a robust way to mitigate code-reuse attacks, they have fundamental limitations; for example, the need for system modifications, and the need for recompiling source codes or restarting processes. These limitations are not appropriate for mission-critical services because a seamless operation is very important. In this paper, we propose a novel ASLR technique to provide memory rerandomization without interrupting the process execution. In addition, we describe its implementation and evaluate the results. In summary, our method provides a lightweight and seamless ASLR for critical service applications.

Highlights

Nowadays, there is a lot of services being hosted on cloud computing platform
We propose SRandomizer, which follows the approach of runtime rerandomization by repeating the binary relocation at extremely short intervals (i.e., 50 ms)
Our experiment shows that SRandomizer causes a performance drop of less than 5% in the execution time of an evaluated application

Summary

Introduction

Critical vulnerabilities in cloud service application can result in huge disasters for governments, companies, and the military [1]. To prevent this threat, it is important to defend software against the vulnerability of attacks. The most effective methods are address space layout randomization (ASLR) [2] and data execution prevention (DEP). Many defenses against this attack have been proposed, address space layout randomization (ASLR) and data execution prevention (DEP) are the only effective ones among them [5]. Code-reuse attacks were introduced to avoid DEP This method utilizes the program code already present in the memory because the code injection becomes difficult to use.

Objectives

Discussion

Conclusion