Publication Type

Conference Proceeding Article

Version

acceptedVersion

Publication Date

11-2015

Abstract

Stack-based attacks typically require that attackers have a good understanding of the stack layout of the victim program. In this paper, we leverage specific features on ARM architecture and propose a practical technique that introduces randomness to the stack layout when an Android application executes. We employ minimal binary rewriting on the Android app that produces randomized executable of the same size which can be executed on an unmodified Android operating system. Our experiments on applying this randomization on the most popular 20 free Android apps on Google Play show that the randomization coverage of functions increases from 65% (by a state-of-the-art randomization approach) to 97.6% with, on average, 4 and 7 bits of randomness applied to each 16-bit and 32-bit function, respectively. We also show that it is effective in defending against stack-based memory vulnerabilities and real-world ROP attacks.

Keywords

Memory layout randomization, Android security

Discipline

Information Security

Research Areas

Cybersecurity

Publication

Information Security and Cryptology: 18th International Conference ICISC 2015, Seoul, November 25-27: Proceedings

Volume

9558

First Page

229

Last Page

245

ISBN

9783319308401

Identifier

10.1007/978-3-319-30840-1_15

Publisher

Springer

City or Country

New York

Copyright Owner and License

Authors

Additional URL

https://doi.org/10.1007/978-3-319-30840-1_15

Download

Share

COinS