PtrProxy: Efficient code re-randomization on AArch64 platform
Published in | China communications Vol. 22; no. 6; pp. 64 - 82 |
---|---|
Main Authors | Chenke, Luo; Jianming, Fu; Jiang, Ming; Mengfei, Xie; Guojun, Peng |
Format | Journal Article |
Language | English |
Published | China Institute of Communications, 01.06.2025 |
Abstract | Memory-unsafe programming languages, such as C/C++, are often used to develop system programs, rendering the programs susceptible to a variety of memory corruption attacks. Among these threats, just-in-time return-oriented programming (JIT-ROP) stands out as an advanced method for conducting code-reuse attacks, effectively circumventing code randomization safeguards. JIT-ROP leverages memory disclosure vulnerabilities to obtain reusable code fragments dynamically and assemble malicious payloads dynamically. In response to JIT-ROP attacks, several re-randomization implementations have been developed to prevent the use of disclosed code. However, existing re-randomization methods require recurrent re-randomization during program runtime according to fixed time windows or specific events such as system calls, incurring significant runtime overhead. In this paper, we present the design and implementation of PtrProxy, an efficient re-randomization approach on the AArch64 platform. Unlike previous methods that necessitate frequent runtime re-randomization or rely on unreliable triggering conditions, this approach triggers the re-randomization process by detecting the code page harvest operation, which is a fundamental operation of the JIT-ROP attacks, making our method more efficient and reliable than previous approaches. We evaluate PtrProxy on benchmarks and real-world applications. The evaluation results show that our approach can effectively protect programs from JIT-ROP attacks while introducing marginal runtime overhead. |
---|---|
Author | Mengfei, Xie; Guojun, Peng; Jianming, Fu; Chenke, Luo; Jiang, Ming |
Author_xml | – sequence: 1 givenname: Luo surname: Chenke fullname: Chenke, Luo organization: Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China – sequence: 2 givenname: Fu surname: Jianming fullname: Jianming, Fu organization: Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China – sequence: 3 givenname: Ming surname: Jiang fullname: Jiang, Ming organization: Department of Computer Science, Tulane University, New Orleans, LA 70118 USA – sequence: 4 givenname: Xie surname: Mengfei fullname: Mengfei, Xie organization: Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China – sequence: 5 givenname: Peng surname: Guojun fullname: Guojun, Peng organization: Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China |
CODEN | CCHOBE |
ContentType | Journal Article |
DBID | 97E RIA RIE AAYXX CITATION |
DOI | 10.23919/JCC.ja.2024-0077 |
DatabaseName | IEEE All-Society Periodicals Package (ASPP) 2005–Present IEEE All-Society Periodicals Package (ASPP) 1998–Present IEEE Electronic Library (IEL) CrossRef |
DatabaseTitle | CrossRef |
DatabaseTitleList | |
Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/ sourceTypes: Publisher |
DeliveryMethod | fulltext_linktorsrc |
Discipline | Economics |
EndPage | 82 |
ExternalDocumentID | 10_23919_JCC_ja_2024_0077 11045860 |
Genre | orig-research |
ID | FETCH-LOGICAL-c148t-b6a9b3f230bdf11c5a38caa5e868aaa2c1912efd3f1bfb774d8f2b897a185f813 |
IEDL.DBID | RIE |
ISSN | 1673-5447 |
IngestDate | Thu Jul 03 08:41:26 EDT 2025 Wed Aug 27 01:38:16 EDT 2025 |
IsPeerReviewed | true |
IsScholarly | true |
Issue | 6 |
Language | English |
LinkModel | DirectLink |
MergedId | FETCHMERGED-LOGICAL-c148t-b6a9b3f230bdf11c5a38caa5e868aaa2c1912efd3f1bfb774d8f2b897a185f813 |
PageCount | 19 |
ParticipantIDs | crossref_primary_10_23919_JCC_ja_2024_0077 ieee_primary_11045860 |
PublicationCentury | 2000 |
PublicationDate | 2025-June |
PublicationDateYYYYMMDD | 2025-06-01 |
PublicationDate_xml | – month: 06 year: 2025 text: 2025-June |
PublicationDecade | 2020 |
PublicationTitle | China communications |
PublicationTitleAbbrev | ChinaComm |
PublicationYear | 2025 |
Publisher | China Institute of Communications |
Publisher_xml | – name: China Institute of Communications |
SSID | ssj0000866362 |
Score | 2.32656 |
SourceID | crossref ieee |
SourceType | Index Database Publisher |
StartPage | 64 |
SubjectTerms | code reuse attacks; Codes; Computer crashes; Layout; Payloads; Protection; Prototypes; re-randomization; Rendering (computer graphics); return-oriented programming; Runtime; Security; security and privacy; Software; software security |
Title | PtrProxy: Efficient code re-randomization on AArch64 platform |
URI | https://ieeexplore.ieee.org/document/11045860 |
Volume | 22 |
hasFullText | 1 |
inHoldings | 1 |
isFullTextHit | |
isPrint | |
linkProvider | IEEE |