Dynamic reencryption of return addresses

Hyungyu Lee, Changwoo Pyo, Kyung Ho Lee

Research output: Contribution to journalArticle

1 Citation (Scopus)

Abstract

The authors present dynamic reencryption of return addresses to mitigate their leakage. The authors’ method enforces programs to save return addresses as encrypted and renew the encryption states with fresh keys before or after vulnerable operations. When a function returns, it should restore the return address from its encryption using the most recent key not to cause a crash. Under the protection of their method, return addresses and keys may leak, but the disclosed bits become garbage because keys govern all return addresses through encryption, while changing before control-flow proceeds into a vulnerable region. As a result, it becomes probabilistically infeasible to build exploits for intercepting control-flow by using leaked return addresses or keys. They implemented the proposed method as an extension of the LLVM compiler that inserts reencryption code where necessary. They also have confirmed its effectiveness against information leak attacks carried out in the early stage of blind return-oriented programming (BROP). The performance overhead ranges below 11.6% for processor-intensive programs and 4.12% or less for web servers.

Original languageEnglish
Pages (from-to)76-85
Number of pages10
JournalIET Information Security
Volume13
Issue number1
DOIs
Publication statusPublished - 2019 Jan 1

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Dynamic reencryption of return addresses'. Together they form a unique fingerprint.

  • Cite this