Explore a groundbreaking defense against code-reuse attacks in this IEEE Symposium on Security & Privacy conference talk. Delve into Readactor, the first practical, fine-grained code randomization defense resilient to both static and dynamic return-oriented programming (ROP) attacks. Learn how this innovative approach addresses direct and indirect memory disclosure vulnerabilities, protects statically and dynamically generated code, and utilizes hardware features for execute-only memory. Discover the compiler-based code generation paradigm that hides code pointers from potential adversaries. Examine the implementation of Readactor in the Google Chromium browser and its V8 JIT compiler, and explore its efficiency with an average SPEC CPU2006 performance overhead of only 6.4%.
Readactor: Practical Code Randomization Resilient to Memory Disclosure
Overview
Syllabus
Intro
Adversary Model / Assumptions
Disclosure of Randomized Code
Code Disclosure
Preventing Direct Disclosure
Execute-Only EPT Mapping
Indirect Disclosure Attack
Code-Pointer Hiding
Readactor Compiler
Runtime Architecture
JIT Compiler Support
Evaluation
SPEC CPU2006
Conclusion
Taught by
IEEE Symposium on Security and Privacy
