Hyungjoon Koo will be defending his dissertation this Wednesday (May 8)
at 1pm in NCS 220. You are warmly invited to hear about Hyungjoon's work
on software security!

Title:
Practical Software Specialization against Code Reuse Attacks

Abstract:
Software bugs are everywhere. Among them, exploitable bugs often
threaten the security and privacy of users. The security community has
been combating memory corruption vulnerabilities that can lead to code
injection or code reuse attacks for several decades. Although the
deployment of exploit mitigations (e.g. non-executable memory and
address space layout randomization) in modern operating systems has
raised the bar, recent adversarial advancements in code reuse attacks
(e.g. disclosure-aided or just-in-time return oriented programming
(JIT-ROP)) still allow adversaries to bypass these mitigations and
achieve successful exploitation. Such sophisticated attacks can be
mitigated further using fine-grained code diversification, as either a
standalone defense or a prerequisite of other protections (e.g.
execute-only memory). However, despite decades of research, software
diversity has remained mostly an academic exercise for three main
reasons: i) lack of a transparent and streamlined model for delivering
diversified binaries to end users, ii) unaffordable cost and complexity
for creating diversified variants, and iii) incompatibility with
well-established soft- ware build, regression testing, debugging, crash
reporting, diagnostics, and security monitoring workflows and mechanisms.

In this dissertation, we present a practical software specialization
framework against code reuse attacks, tackling various roadblocks that
have so far prevented the practical deployment of code diversification
and specialization. First, we propose instruction displacement, a
practical code diversification technique for stripped binary
executables, applicable even with partial code disassembly coverage. It
aims to improve the randomization coverage and entropy of existing
binary- level code diversification techniques by displacing any
non-randomized gadgets to random locations. Second, we also explore code
inference attacks and defenses: a novel code inference attack that can
under- mine defenses based on destructive code reads, and a practical
defense against such inference attacks based on code re-randomization.
Next, we present compiler-assisted code randomization, a
compiler-rewriter cooperation approach that allows for practical,
generic, robust, and fast fine-grained code transformation on endpoints.
It is based on a hybrid model in which both vendors and endpoints
jointly participate in creating specialized instances of a given
application, satisfying four key factors for successful deployment:
transparency, reliability, compatibility, and cost. To this end, we
identify a minimal set of supplementary information for code
diversification from the compilation toolchain (compiler and linker),
and augment binaries with transformation-assisting metadata for
on-demand rewriting on end- points. The results of our experimental
evaluation demonstrate the feasibility and practicality of this
approach, as on average it incurs a modest file size increase and
negligible runtime overhead. Lastly, we introduce configuration-driven
code debloating, an approach that removes feature-specific shared
libraries that are exclusively needed only when certain configuration
directives are specified by the user, and which are typically disabled
by default.