Mitigating ROP Attacks via ARM-Specific In-Place Instruction Randomization

摘要

Defending against return-oriented programing (ROP) attacks is extremely challenging for modern operating systems.As the most popular mobile OS running on ARM,Android is even more vulnerable to ROP attacks due to its weak implementation of ASLR and the absence of effective control-flow integrity enforcement.In this paper,leveraging specific ARM features,an instruction randomization strategy to mitigate ROP attacks in Android even with the threat of single pointer leakage vulnerabilities is proposed.By popping out more registers in functions' epilogue instructions and reallocating registers in function scopes,branch targets in all (direct and indirect) branch instructions potential to be ROP gadgets are changed randomly.Without the knowledge of binaries' runtime instructions layout,adversary's repeated control flow transfer in ROP exploits will be subverted.Furthermore,this instruction randomization idea has been implemented in both Android Dalvik runtime and ART.Corresponding evaluations proved it is capable to introduce enough randomness for more than 99％ discovered functions and thwart about 95％ ROP gadgets in application's shared libraries and oat file compiled from Dalvik bytecode.Besides,evaluations on real-world exploits also confirmed its effectiveness on mitigating ROP attacks within acceptable performance overhead.