NG-MVEE: A New Proposed Hybrid Technique for Enhanced Mitigation of Code Re-Use Attack

Abstract

Read online

Code-Reuse Attacks (CRAs) are solid mechanisms to bypass advanced software and hardware defenses because they use the software’s own code and they are very hard to be detected without significant overhead. Numerous methods have been proposed to protect against memory-based attacks that result from reusing parts of the attacked binary code. In this paper, two problems were tackled. the first problem is the lack of a categorized survey, analysis, and evaluation of the different CRAs proposed in the literature. The second problem is the inherent vulnerability that exists in protection techniques that are based on Multi-Variant Execution Environment (MVEE) since they are using shared Linux libraries with gadget-prone codes. In the paper a novel framework of CRA mitigation is introduced; fusing the two different prominent techniques of control flow integrity and multi-variant execution environment. The novel mitigation technique, named Next Generation MVEE (NG-MVEE), was built upon an existing generic CRA detection system (GHUMVEE) and complemented with a different CRA detection technique (G-Free) in order to provide comprehensive protection against code-reuse attacks. The outcome of the hybrid system is an optimized hybrid version of an MVEE technique, with minimal performance overhead increase due to the added protection layer of the G-Free technique. A median of 7% performance overhead resulted from the proposed protection system.

Keywords

• Code-reuse attacks
• exploit mitigation
• GHUMVEE
• G-Free
• hybrid-system
• software security