Runtime Attacks and Defenses

In the research area of secure system software we mainly focus on the development of robust, available, survivable systems, and on the design of security technologies that protect the integrity of an application's control flow at runtime on mobile and embedded systems. In the following we motivate and describe our research on defending against control-flow attacks.


Motivation

Global players such as Google and Apple provide hundreds of thousands of applications for different purposes and use cases on their "App Stores", e.g., games, lifestyle, books, entertainment, etc. A number of these applications are free of charge, while for others the customer has to pay a fee. A recent download statistic states that over 10 billion apps have already been downloaded from the Google Android market.

The high number of downloaded applications at the same time increases the attack surface of the underlying platform, because many of the applications available today are developed by inexperienced and non-security-aware developers. Note that anyone can become an Android or iOS developer by paying a reasonable amount of money. Hence, although an application may have no malicious intent, it may suffer from diverse vulnerabilities that allow an adversary to compromise the device and steal sensitive information (SMS, contacts, log files, etc.) by means of runtime or control-flow attacks, e.g., code injection and return-oriented programming. These attacks are not only a threat on the iOS platform, where applications are written in the memory-unsafe Objective-C language, but also affect Android, because all Android applications are linked against a number of native libraries that are subject to traditional control-flow attacks.

The main principle of control-flow attacks is shown in the figure below. First, the adversary exploits a memory-related vulnerability (such as a buffer overflow) to subvert the intended control flow of an application. Second, the adversary redirects the control flow either to injected malicious code (code injection attack) or to existing code pieces residing in the memory space of the vulnerable application, in order to perform a return-into-libc or return-oriented programming attack.

Our Focus

Since control-flow or runtime attacks are a prevalent attack vector against today's software programs, we work on defining a new generation of defense technologies in this area. In this context, a major challenge is tackling modern control-flow attacks such as return-oriented programming. We aim to ensure that applications execute under the enforcement of control-flow integrity (CFI, originally proposed by Abadi et al. in 2005), particularly on smartphone and tablet platforms. This framework ensures that the control flow of a program follows only legitimate paths determined in advance. In particular, our focus is on Android and the embedded Intel Atom processor.
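To make the two ideas above concrete, the following C program is an added illustration (not code from this research group or from Abadi et al.) of the CFI principle on a single indirect call site: the set of legitimate targets is fixed in advance, and the transfer is validated against that set before it happens. The corruption of the code pointer is modelled explicitly (the pointer is simply overwritten with the address of a function that the dispatch site must never reach) rather than by an actual overflow, since what matters for the defense is that the check fires regardless of how the pointer was corrupted. All function and variable names are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>

/* An indirect call site in an application: it dispatches a request to a handler
 * through a function pointer stored in writable memory. */
typedef int (*handler_t)(int);

static int handler_double(int x) { return 2 * x; }
static int handler_negate(int x) { return -x; }

/* Existing code in the process that is never a legitimate target of the dispatch
 * site (think of a privileged routine an attacker would like to reach). */
static int privileged_op(int x) { return x + 1000; }

/* The legitimate targets for this call site, determined in advance (e.g., by a
 * static analysis of the program). This is the "policy" that CFI enforces. */
static const handler_t allowed_targets[] = { handler_double, handler_negate };

/* Number of CFI violations observed so far; a real system would abort here. */
int cfi_violation_count = 0;

/* Sentinel returned when the protected dispatch refuses the transfer. */
#define CFI_VIOLATION (-1)

/* CFI check: is `target` one of the pre-approved destinations for this site? */
int cfi_check(handler_t target) {
    size_t n = sizeof allowed_targets / sizeof allowed_targets[0];
    for (size_t i = 0; i < n; i++)
        if (allowed_targets[i] == target) return 1;
    return 0;
}

/* Unprotected dispatch: transfers control to wherever the pointer points.
 * If `fp` has been corrupted, the attacker's chosen code runs. */
int dispatch_unprotected(handler_t fp, int arg) {
    return fp(arg);
}

/* Protected dispatch: validates the target before the indirect call, so a
 * corrupted pointer can no longer divert execution to arbitrary code. */
int dispatch_protected(handler_t fp, int arg) {
    if (!cfi_check(fp)) {
        cfi_violation_count++;
        return CFI_VIOLATION;
    }
    return fp(arg);
}

/* Scenario: the pointer starts out legitimate, then is overwritten (modelling a
 * memory-corruption bug) with the address of privileged_op. Returns 1 if the
 * protected dispatch allowed the legitimate call and blocked the corrupted one. */
int corruption_scenario(void) {
    handler_t fp = handler_double;            /* legitimate value */
    int ok_before = dispatch_protected(fp, 21) == 42;

    fp = privileged_op;                        /* modelled corruption of fp */
    int blocked = dispatch_protected(fp, 21) == CFI_VIOLATION;

    return ok_before && blocked;
}

int main(void) {
    handler_t fp = privileged_op;              /* corrupted pointer */
    printf("unprotected dispatch reached privileged code, result=%d\n",
           dispatch_unprotected(fp, 21));
    printf("protected dispatch result=%d (violations=%d)\n",
           dispatch_protected(fp, 21), cfi_violation_count);
    printf("scenario passed: %d\n", corruption_scenario());
    return 0;
}
```

The check above is a coarse, per-site whitelist; production CFI schemes differ in how the legitimate target sets are computed and how cheaply they are checked (and must also cover returns, which is where return-oriented programming lives), but the enforced property is the same one the paragraph describes: control may only flow along paths fixed before the program runs.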