PtrProxy: Efficient code re-randomization on AArch64 platform

Bibliographic Details
Published in: China Communications, Vol. 22, no. 6, pp. 64-82
Main Authors: Chenke Luo, Jianming Fu, Jiang Ming, Mengfei Xie, Guojun Peng
Format: Journal Article
Language: English
Published: China Institute of Communications, 01.06.2025
Summary: Memory-unsafe programming languages, such as C/C++, are often used to develop system programs, rendering those programs susceptible to a variety of memory corruption attacks. Among these threats, just-in-time return-oriented programming (JIT-ROP) stands out as an advanced method for conducting code-reuse attacks that effectively circumvents code randomization safeguards. JIT-ROP leverages memory disclosure vulnerabilities to obtain reusable code fragments at runtime and assemble malicious payloads dynamically. In response to JIT-ROP attacks, several re-randomization implementations have been developed to prevent the use of disclosed code. However, existing re-randomization methods must re-randomize repeatedly during program runtime, either on fixed time windows or on specific events such as system calls, incurring significant runtime overhead. In this paper, we present the design and implementation of PtrProxy, an efficient re-randomization approach for the AArch64 platform. Unlike previous methods that require frequent runtime re-randomization or rely on unreliable triggering conditions, our approach triggers re-randomization upon detecting the code page harvest operation, a fundamental step of JIT-ROP attacks, which makes it more efficient and reliable than previous approaches. We evaluate PtrProxy on benchmarks and real-world applications. The evaluation results show that our approach effectively protects programs from JIT-ROP attacks while introducing marginal runtime overhead.
ISSN: 1673-5447
DOI: 10.23919/JCC.ja.2024-0077