The enormous growth of mobile devices and their app markets has raised many security and privacy concerns. Run-time attacks seem to be a major threat, in particular, code-reuse attacks that do not require any external code injection(e.g., return-to-libc or return-oriented programming). We present, for the first time, a code transformation tool that completely mitigates code-reuse attacks by applying software diversity to the binary at runtime. Our tool XIFER(1) randomly diversifies the code of an application over the entire memory for each invocation, (2) requires no source code or any static analysis, (3) can be applied to both Intelx86 and ARM Linux executables, and (4) induces a negligible runtime overhead of only 1% in average.
%0 Conference Paper
%1 TUD-CS-2012-0135
%A Davi, Lucas
%A Dmitrienko, Alexandra
%A Nürnberger, Stefan
%A Sadeghi, Ahmad-Reza
%B ACM International Workshop on Wireless of the Students, by the Students, for the Students (MOBICOM)
%D 2012
%K International-Conference-Workshop-Papers-Book-Chapters myown
%T XIFER: A Software Diversity Tool Against Code-Reuse Attacks
%X The enormous growth of mobile devices and their app markets has raised many security and privacy concerns. Run-time attacks seem to be a major threat, in particular, code-reuse attacks that do not require any external code injection(e.g., return-to-libc or return-oriented programming). We present, for the first time, a code transformation tool that completely mitigates code-reuse attacks by applying software diversity to the binary at runtime. Our tool XIFER(1) randomly diversifies the code of an application over the entire memory for each invocation, (2) requires no source code or any static analysis, (3) can be applied to both Intelx86 and ARM Linux executables, and (4) induces a negligible runtime overhead of only 1% in average.
@inproceedings{TUD-CS-2012-0135,
abstract = {The enormous growth of mobile devices and their app markets has raised many security and privacy concerns. Run-time attacks seem to be a major threat, in particular, code-reuse attacks that do not require any external code injection(e.g., return-to-libc or return-oriented programming). We present, for the first time, a code transformation tool that completely mitigates code-reuse attacks by applying software diversity to the binary at runtime. Our tool XIFER(1) randomly diversifies the code of an application over the entire memory for each invocation, (2) requires no source code or any static analysis, (3) can be applied to both Intelx86 and ARM Linux executables, and (4) induces a negligible runtime overhead of only 1% in average.},
added-at = {2020-05-03T20:09:10.000+0200},
author = {Davi, Lucas and Dmitrienko, Alexandra and Nürnberger, Stefan and Sadeghi, Ahmad-Reza},
biburl = {https://www.bibsonomy.org/bibtex/2d05c8a0d69e5d2d9a04ba3fb54dbe732/sssgroup},
booktitle = {ACM International Workshop on Wireless of the Students, by the Students, for the Students (MOBICOM)},
interhash = {ecf482b079015d5ccbe1ddf6eb4cafa6},
intrahash = {d05c8a0d69e5d2d9a04ba3fb54dbe732},
keywords = {International-Conference-Workshop-Papers-Book-Chapters myown},
month = {August},
pdf = {https://se2.informatik.uni-wuerzburg.de/publications/download/paper/1513.pdf},
timestamp = {2022-12-20T00:17:20.000+0100},
title = {XIFER: A Software Diversity Tool Against Code-Reuse Attacks},
venue = {ACM MOBICOM},
year = 2012
}