Stack Layout Randomization with Minimal Rewriting of Android Binaries

Yu LIANG; Xinjie MA; Daoyuan WU; Xiaoxiao TANG; Debin GAO; Guojun PENG; Chunfu JIA; Huanguo ZHANG

doi:10.1007/978-3-319-30840-1_15

Stack Layout Randomization with Minimal Rewriting of Android Binaries

Yu LIANG
, Xinjie MA
, Daoyuan WU
, Xiaoxiao TANG
, Debin GAO
, Guojun PENG^*
, Chunfu JIA
, Huanguo ZHANG

^*Corresponding author for this work

Research output: Book Chapters | Papers in Conference Proceedings › Conference paper (refereed) › Research › peer-review

7 Citations (Scopus)

Abstract

Stack-based attacks typically require that attackers have a good understanding of the stack layout of the victim program. In this paper, we leverage specific features on ARM architecture and propose a practical technique that introduces randomness to the stack layout when an Android application executes. We employ minimal binary rewriting on the Android app that produces randomized executable of the same size which can be executed on an unmodified Android operating system. Our experiments on applying this randomization on the most popular 20 free Android apps on Google Play show that the randomization coverage of functions increases from 65% (by a state-of-the-art randomization approach) to 97.6% with, on average, 4 and 7 bits of randomness applied to each 16-bit and 32-bit function, respectively. We also show that it is effective in defending against stack-based memory vulnerabilities and real-world ROP attacks.

Original language	English
Title of host publication	Information Security and Cryptology - ICISC 2015: 18th International Conference, Seoul, South Korea, November 25-27, 2015, Revised Selected Papers
Editors	Soonhak KWON, Aaram YUN
Publisher	Springer, Cham
Pages	229-245
Number of pages	17
ISBN (Electronic)	9783319308401
ISBN (Print)	9783319308395
DOIs	https://doi.org/10.1007/978-3-319-30840-1_15
Publication status	Published - 10 Mar 2016
Externally published	Yes
Event	18th International Conference on Information Security and Cryptology - Seoul, Korea, Republic of Duration: 25 Nov 2015 → 27 Nov 2015

Publication series

Name	Lecture Notes in Computer Science
Volume	9558
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	18th International Conference on Information Security and Cryptology
Abbreviated title	ICISC 2015
Country/Territory	Korea, Republic of
City	Seoul
Period	25/11/15 → 27/11/15

Bibliographical note

Publisher Copyright:
© Springer International Publishing Switzerland 2016.

Funding

This research was partially supported by the National Science Foundation of China (Grant No. 61202387, 61332019, and 61373168) and the National Key Basic Research Program of China (Grant No. 2014CB340600).

Keywords

Android security
Memory layout randomization

Access to Document

10.1007/978-3-319-30840-1_15

Cite this

LIANG, Y., MA, X., WU, D., TANG, X., GAO, D., PENG, G., JIA, C., & ZHANG, H. (2016). Stack Layout Randomization with Minimal Rewriting of Android Binaries. In S. KWON, & A. YUN (Eds.), Information Security and Cryptology - ICISC 2015: 18th International Conference, Seoul, South Korea, November 25-27, 2015, Revised Selected Papers (pp. 229-245). (Lecture Notes in Computer Science; Vol. 9558). Springer, Cham. https://doi.org/10.1007/978-3-319-30840-1_15

LIANG, Yu ; MA, Xinjie ; WU, Daoyuan et al. / Stack Layout Randomization with Minimal Rewriting of Android Binaries. Information Security and Cryptology - ICISC 2015: 18th International Conference, Seoul, South Korea, November 25-27, 2015, Revised Selected Papers. editor / Soonhak KWON ; Aaram YUN. Springer, Cham, 2016. pp. 229-245 (Lecture Notes in Computer Science).

@inproceedings{e7e64f546c46426e97fa6cdcf1ac6d77,

title = "Stack Layout Randomization with Minimal Rewriting of Android Binaries",

abstract = "Stack-based attacks typically require that attackers have a good understanding of the stack layout of the victim program. In this paper, we leverage specific features on ARM architecture and propose a practical technique that introduces randomness to the stack layout when an Android application executes. We employ minimal binary rewriting on the Android app that produces randomized executable of the same size which can be executed on an unmodified Android operating system. Our experiments on applying this randomization on the most popular 20 free Android apps on Google Play show that the randomization coverage of functions increases from 65\% (by a state-of-the-art randomization approach) to 97.6\% with, on average, 4 and 7 bits of randomness applied to each 16-bit and 32-bit function, respectively. We also show that it is effective in defending against stack-based memory vulnerabilities and real-world ROP attacks.",

keywords = "Android security, Memory layout randomization",

author = "Yu LIANG and Xinjie MA and Daoyuan WU and Xiaoxiao TANG and Debin GAO and Guojun PENG and Chunfu JIA and Huanguo ZHANG",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2016.; 18th International Conference on Information Security and Cryptology, ICISC 2015 ; Conference date: 25-11-2015 Through 27-11-2015",

year = "2016",

month = mar,

day = "10",

doi = "10.1007/978-3-319-30840-1\_15",

language = "English",

isbn = "9783319308395",

series = "Lecture Notes in Computer Science",

publisher = "Springer, Cham",

pages = "229--245",

editor = "Soonhak KWON and Aaram YUN",

booktitle = "Information Security and Cryptology - ICISC 2015: 18th International Conference, Seoul, South Korea, November 25-27, 2015, Revised Selected Papers",

}

LIANG, Y, MA, X, WU, D, TANG, X, GAO, D, PENG, G, JIA, C & ZHANG, H 2016, Stack Layout Randomization with Minimal Rewriting of Android Binaries. in S KWON & A YUN (eds), Information Security and Cryptology - ICISC 2015: 18th International Conference, Seoul, South Korea, November 25-27, 2015, Revised Selected Papers. Lecture Notes in Computer Science, vol. 9558, Springer, Cham, pp. 229-245, 18th International Conference on Information Security and Cryptology, Seoul, Korea, Republic of, 25/11/15. https://doi.org/10.1007/978-3-319-30840-1_15

Stack Layout Randomization with Minimal Rewriting of Android Binaries. / LIANG, Yu; MA, Xinjie; WU, Daoyuan et al.
Information Security and Cryptology - ICISC 2015: 18th International Conference, Seoul, South Korea, November 25-27, 2015, Revised Selected Papers. ed. / Soonhak KWON; Aaram YUN. Springer, Cham, 2016. p. 229-245 (Lecture Notes in Computer Science; Vol. 9558).

Research output: Book Chapters | Papers in Conference Proceedings › Conference paper (refereed) › Research › peer-review

TY - GEN

T1 - Stack Layout Randomization with Minimal Rewriting of Android Binaries

AU - LIANG, Yu

AU - MA, Xinjie

AU - WU, Daoyuan

AU - TANG, Xiaoxiao

AU - GAO, Debin

AU - PENG, Guojun

AU - JIA, Chunfu

AU - ZHANG, Huanguo

PY - 2016/3/10

Y1 - 2016/3/10

N2 - Stack-based attacks typically require that attackers have a good understanding of the stack layout of the victim program. In this paper, we leverage specific features on ARM architecture and propose a practical technique that introduces randomness to the stack layout when an Android application executes. We employ minimal binary rewriting on the Android app that produces randomized executable of the same size which can be executed on an unmodified Android operating system. Our experiments on applying this randomization on the most popular 20 free Android apps on Google Play show that the randomization coverage of functions increases from 65% (by a state-of-the-art randomization approach) to 97.6% with, on average, 4 and 7 bits of randomness applied to each 16-bit and 32-bit function, respectively. We also show that it is effective in defending against stack-based memory vulnerabilities and real-world ROP attacks.

AB - Stack-based attacks typically require that attackers have a good understanding of the stack layout of the victim program. In this paper, we leverage specific features on ARM architecture and propose a practical technique that introduces randomness to the stack layout when an Android application executes. We employ minimal binary rewriting on the Android app that produces randomized executable of the same size which can be executed on an unmodified Android operating system. Our experiments on applying this randomization on the most popular 20 free Android apps on Google Play show that the randomization coverage of functions increases from 65% (by a state-of-the-art randomization approach) to 97.6% with, on average, 4 and 7 bits of randomness applied to each 16-bit and 32-bit function, respectively. We also show that it is effective in defending against stack-based memory vulnerabilities and real-world ROP attacks.

KW - Android security

KW - Memory layout randomization

UR - https://www.scopus.com/pages/publications/84961151019

U2 - 10.1007/978-3-319-30840-1_15

DO - 10.1007/978-3-319-30840-1_15

M3 - Conference paper (refereed)

AN - SCOPUS:84961151019

SN - 9783319308395

T3 - Lecture Notes in Computer Science

SP - 229

EP - 245

BT - Information Security and Cryptology - ICISC 2015: 18th International Conference, Seoul, South Korea, November 25-27, 2015, Revised Selected Papers

A2 - KWON, Soonhak

A2 - YUN, Aaram

PB - Springer, Cham

T2 - 18th International Conference on Information Security and Cryptology

Y2 - 25 November 2015 through 27 November 2015

ER -

LIANG Y, MA X, WU D, TANG X, GAO D, PENG G et al. Stack Layout Randomization with Minimal Rewriting of Android Binaries. In KWON S, YUN A, editors, Information Security and Cryptology - ICISC 2015: 18th International Conference, Seoul, South Korea, November 25-27, 2015, Revised Selected Papers. Springer, Cham. 2016. p. 229-245. (Lecture Notes in Computer Science). Epub 2016 Mar 9. doi: 10.1007/978-3-319-30840-1_15

Stack Layout Randomization with Minimal Rewriting of Android Binaries

Abstract

Publication series

Conference

Bibliographical note

Funding

Keywords

Access to Document

Other files and links

Fingerprint

Cite this