Dynamic reencryption of return addresses

Hyungyu Lee, Changwoo Pyo, Kyung Ho Lee

Research output: Contribution to journalArticle

Abstract

The authors present dynamic reencryption of return addresses to mitigate their leakage. The authors’ method enforces programs to save return addresses as encrypted and renew the encryption states with fresh keys before or after vulnerable operations. When a function returns, it should restore the return address from its encryption using the most recent key not to cause a crash. Under the protection of their method, return addresses and keys may leak, but the disclosed bits become garbage because keys govern all return addresses through encryption, while changing before control-flow proceeds into a vulnerable region. As a result, it becomes probabilistically infeasible to build exploits for intercepting control-flow by using leaked return addresses or keys. They implemented the proposed method as an extension of the LLVM compiler that inserts reencryption code where necessary. They also have confirmed its effectiveness against information leak attacks carried out in the early stage of blind return-oriented programming (BROP). The performance overhead ranges below 11.6% for processor-intensive programs and 4.12% or less for web servers.

Original languageEnglish
Pages (from-to)76-85
Number of pages10
JournalIET Information Security
Volume13
Issue number1
DOIs
Publication statusPublished - 2019 Jan 1

Fingerprint

Cryptography
Flow control
Servers

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Computer Networks and Communications

Cite this

Dynamic reencryption of return addresses. / Lee, Hyungyu; Pyo, Changwoo; Lee, Kyung Ho.

In: IET Information Security, Vol. 13, No. 1, 01.01.2019, p. 76-85.

Research output: Contribution to journalArticle

Lee, Hyungyu ; Pyo, Changwoo ; Lee, Kyung Ho. / Dynamic reencryption of return addresses. In: IET Information Security. 2019 ; Vol. 13, No. 1. pp. 76-85.
@article{bf8d2fa51a04447ca3b1fe640378f793,
title = "Dynamic reencryption of return addresses",
abstract = "The authors present dynamic reencryption of return addresses to mitigate their leakage. The authors’ method enforces programs to save return addresses as encrypted and renew the encryption states with fresh keys before or after vulnerable operations. When a function returns, it should restore the return address from its encryption using the most recent key not to cause a crash. Under the protection of their method, return addresses and keys may leak, but the disclosed bits become garbage because keys govern all return addresses through encryption, while changing before control-flow proceeds into a vulnerable region. As a result, it becomes probabilistically infeasible to build exploits for intercepting control-flow by using leaked return addresses or keys. They implemented the proposed method as an extension of the LLVM compiler that inserts reencryption code where necessary. They also have confirmed its effectiveness against information leak attacks carried out in the early stage of blind return-oriented programming (BROP). The performance overhead ranges below 11.6{\%} for processor-intensive programs and 4.12{\%} or less for web servers.",
author = "Hyungyu Lee and Changwoo Pyo and Lee, {Kyung Ho}",
year = "2019",
month = "1",
day = "1",
doi = "10.1049/iet-ifs.2018.5142",
language = "English",
volume = "13",
pages = "76--85",
journal = "IET Information Security",
issn = "1751-8709",
publisher = "Institution of Engineering and Technology",
number = "1",

}

TY - JOUR

T1 - Dynamic reencryption of return addresses

AU - Lee, Hyungyu

AU - Pyo, Changwoo

AU - Lee, Kyung Ho

PY - 2019/1/1

Y1 - 2019/1/1

N2 - The authors present dynamic reencryption of return addresses to mitigate their leakage. The authors’ method enforces programs to save return addresses as encrypted and renew the encryption states with fresh keys before or after vulnerable operations. When a function returns, it should restore the return address from its encryption using the most recent key not to cause a crash. Under the protection of their method, return addresses and keys may leak, but the disclosed bits become garbage because keys govern all return addresses through encryption, while changing before control-flow proceeds into a vulnerable region. As a result, it becomes probabilistically infeasible to build exploits for intercepting control-flow by using leaked return addresses or keys. They implemented the proposed method as an extension of the LLVM compiler that inserts reencryption code where necessary. They also have confirmed its effectiveness against information leak attacks carried out in the early stage of blind return-oriented programming (BROP). The performance overhead ranges below 11.6% for processor-intensive programs and 4.12% or less for web servers.

AB - The authors present dynamic reencryption of return addresses to mitigate their leakage. The authors’ method enforces programs to save return addresses as encrypted and renew the encryption states with fresh keys before or after vulnerable operations. When a function returns, it should restore the return address from its encryption using the most recent key not to cause a crash. Under the protection of their method, return addresses and keys may leak, but the disclosed bits become garbage because keys govern all return addresses through encryption, while changing before control-flow proceeds into a vulnerable region. As a result, it becomes probabilistically infeasible to build exploits for intercepting control-flow by using leaked return addresses or keys. They implemented the proposed method as an extension of the LLVM compiler that inserts reencryption code where necessary. They also have confirmed its effectiveness against information leak attacks carried out in the early stage of blind return-oriented programming (BROP). The performance overhead ranges below 11.6% for processor-intensive programs and 4.12% or less for web servers.

UR - http://www.scopus.com/inward/record.url?scp=85059937961&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85059937961&partnerID=8YFLogxK

U2 - 10.1049/iet-ifs.2018.5142

DO - 10.1049/iet-ifs.2018.5142

M3 - Article

VL - 13

SP - 76

EP - 85

JO - IET Information Security

JF - IET Information Security

SN - 1751-8709

IS - 1

ER -