DisARM: Mitigating Buffer Overflow Attacks on Embedded Devices

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9408)

Abstract

Security of embedded devices is today a critical requirement for the Internet of Things (IoT), as these devices will access sensitive information such as social security numbers and health records. This makes them a lucrative target for attacks that exploit vulnerabilities to inject malicious code or to reuse existing code in order to alter the execution of their software. Existing defense techniques have major drawbacks, such as requiring source code or symbolic debugging information, or imposing high overhead, which limits their applicability. In this paper we propose a novel defense technique, DisARM, that protects against both code-injection and code-reuse based buffer overflow attacks by breaking an attacker's ability to manipulate the return address of a function. Our approach operates on arbitrary executable binaries and thus does not require compiler support. In addition, it does not require user interaction and can therefore be applied automatically. Our experimental results show that our approach incurs low overhead and significantly increases the level of security against both code-injection and code-reuse based attacks.

Author information

Corresponding author: Javid Habibi

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Habibi, J., Panicker, A., Gupta, A., Bertino, E. (2015). DisARM: Mitigating Buffer Overflow Attacks on Embedded Devices. In: Qiu, M., Xu, S., Yung, M., Zhang, H. (eds) Network and System Security. NSS 2015. Lecture Notes in Computer Science, vol. 9408. Springer, Cham. https://doi.org/10.1007/978-3-319-25645-0_8

  • DOI: https://doi.org/10.1007/978-3-319-25645-0_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-25644-3

  • Online ISBN: 978-3-319-25645-0

  • eBook Packages: Computer Science (R0)