Secure and Efficient In-Process Monitor and Multi-Variant Execution

Control flow hijacking attacks such as Return Oriented Programming (ROP) and data oriented attacks like Data Oriented Programming (DOP) are problems still plaguing modern software today. While there have been many attempts at hardening software and protecting against these attacks, the heavy perform...

Full description

Bibliographic Details
Main Author: Yeoh, SengMing
Other Authors: Electrical and Computer Engineering
Format: Others
Published: Virginia Tech 2021
Subjects:
Online Access:http://hdl.handle.net/10919/102158
Description
Summary:Control flow hijacking attacks such as Return Oriented Programming (ROP) and data oriented attacks like Data Oriented Programming (DOP) are problems still plaguing modern software today. While there have been many attempts at hardening software and protecting against these attacks, the heavy performance cost of running these defenses and intrusive modifications required has proven to be a barrier to adoption. In this work, we present Monguard, a high-performance hardware assisted in-process monitor protection system utilizing Intel Memory Protection Keys (MPK) to enforce execute-only memory, combined with code randomization and runtime binary patching to effectively protect and hide in-process monitors. Next, we introduce L-MVX, a flexible lightweight Multi-Variant Execution (MVX) system running in the in-process monitor system that aims to solve some of the performance problems of recent MVX defenses through selective program call graph protection and in-process monitoring, maintaining security guarantees either by breaking attacker assumptions or creating a scenario where a particular attack only works on a single variant. === Master of Science === Memory corruption attacks are still prevalent on modern software. While there have been many attempts at hardening software and preventing against these attacks, the heavy performance cost of running these defenses and intrusive modifications required have proven to be a barrier to adoption. In this work, we present L-MVX, a high-performance hardware assisted in-process monitor protection system that provides an unintrusive and efficient way to defend against these attacks on monitor systems. We also introduce L-MVX, a flexible lightweight process monitoring engine running on L-MVX that aims to solve some of the performance problems of recent monitor defenses.