Software Protects Against Code Reuse Attacks by Randomizing Code

2014-BERT-66787
Return Oriented Programming (ROP) attacks are a current threat to computer security. In an ROP attack, code already present in a computer application is appropriated for malicious purposes: pieces of this existing code are located and strung together, allowing the attacker to perform arbitrary computation. This problem has previously been addressed by randomizing the addresses of large segments of code, in the hope that the ROP attack cannot find the code it needs. Unfortunately, this security method is susceptible to brute-force attacks, to which 32-bit systems are particularly vulnerable compared with 64-bit systems. Current security programs can also have the disadvantages of requiring the source code, being designed to run too infrequently, or decreasing overall computer speed and performance.

Researchers at Purdue University have addressed these issues with a program designed for Unix-based systems, dubbed Marlin. Marlin takes a finer-grained approach to randomizing a program's code, rearranging it at the level of "function blocks". Unlike other programs, Marlin randomizes the code every time a program is executed, resulting in near 100 percent rearrangement of function blocks. Using Marlin, the researchers have succeeded in preventing an attack on a program with a known vulnerability. The researchers estimate that for common Linux programs, 2730 brute-force attempts at 14.3 seconds per attempt are necessary for a successful attack. Marlin also reduces the performance cost by performing all the necessary computations before a program is launched, averaging 0.87 seconds each for 131 common Linux programs.
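
A toy model of the function-block shuffling described above, added here as an illustration and not Marlin's own code. The block names, sizes, call sites and `TEXT_BASE` are constructed, and the call fix-up step is an assumption about what a block-level randomizer has to do so that calls still reach their targets after the shuffle.

```python
import random

# Constructed sample program: (block name, size in bytes, [(call-site offset, callee)]).
BLOCKS = [
    ("main",    0x40, [(0x10, "parse"), (0x28, "emit")]),
    ("parse",   0x60, [(0x18, "check")]),
    ("check",   0x20, []),
    ("emit",    0x30, [(0x08, "check")]),
    ("cleanup", 0x18, []),
]
SIZES = {name: size for name, size, _ in BLOCKS}
TEXT_BASE = 0x1000  # assumed start of the code section


def layout(order):
    """Pack the blocks back to back in the given order; return name -> start address."""
    addr, starts = TEXT_BASE, {}
    for name in order:
        starts[name] = addr
        addr += SIZES[name]
    return starts


def patch_calls(starts):
    """Recompute each call's displacement (target minus call site) for a layout.
    Simplified: real x86 calls are relative to the next instruction."""
    return {(name, off): starts[callee] - (starts[name] + off)
            for name, _, calls in BLOCKS for off, callee in calls}


def owner(starts, addr):
    """Return the (block, offset) an absolute address falls in, or None."""
    for name, start in starts.items():
        if start <= addr < start + SIZES[name]:
            return name, addr - start
    return None


def moved_fraction(before, after):
    """Share of blocks whose start address changed between two layouts."""
    return sum(before[n] != after[n] for n in before) / len(before)


if __name__ == "__main__":
    original = layout(list(SIZES))
    stale = original["check"] + 0x08  # address learned from the unshuffled layout
    for _ in range(3):                # a fresh permutation for every execution
        order = random.SystemRandom().sample(list(SIZES), len(SIZES))
        shuffled = layout(order)
        print(order, hex(stale), "->", owner(shuffled, stale),
              f"moved={moved_fraction(original, shuffled):.0%}")
```

Each run prints a different block order, and the address that pointed into `check` in the unshuffled layout lands in whichever block happens to occupy that range, while the patched call displacements still resolve to the start of the intended callee.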

Advantages:
-Less susceptible to attacks than comparable software
-Does not affect the speed of an application once loaded
-Successful even against vulnerable software

Potential Applications:
-Computer Security
(No issued patents found)
Purdue Office of Technology Commercialization