loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Vincent Haupert and Tilo Müller

Affiliation: Friedrich-Alexander University Erlangen-Nürnberg (FAU), Germany

Keyword(s): RIP Protection, ROP Prevention, Instruction-level Monitoring, Linux Kernel.

Related Ontology Subjects/Areas/Topics: Internet Technology ; Intrusion Detection and Response ; Web Information Systems and Technologies

Abstract: We present RIProtection (Rest In Protection), a novel Linux kernel-based approach that mitigates the tampering of return instruction pointers. RIProtection uses single stepping on branches for instruction-level monitoring to guarantee the integrity of the ret-based control-flow of user-mode programs. Our modular design of RIProtection allows an easy adoption of several security approaches relying on instruction-level monitoring. For this paper, we implemented two exclusive approaches to protect RIPs: XOR-based encryption as well as a shadow stack. Both approaches provide reliable protection of RIPs, while the shadow stack additionally prevents return-oriented programming and withstands information leakages of the user-mode stack. While the performance of RIProtection is a severe drawback, its compatibility with regard to hardware and software requirements is outstanding because it supports virtually all 64-bit programs without recompilation or binary rewriting.

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 44.213.65.97

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Haupert, V. and Müller, T. (2017). Rest in Protection - A Kernel-level Approach to Mitigate RIP Tampering. In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-209-7; ISSN 2184-4356, SciTePress, pages 25-37. DOI: 10.5220/0006083800250037

@conference{icissp17,
author={Vincent Haupert. and Tilo Müller.},
title={Rest in Protection - A Kernel-level Approach to Mitigate RIP Tampering},
booktitle={Proceedings of the 3rd International Conference on Information Systems Security and Privacy - ICISSP},
year={2017},
pages={25-37},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006083800250037},
isbn={978-989-758-209-7},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 3rd International Conference on Information Systems Security and Privacy - ICISSP
TI - Rest in Protection - A Kernel-level Approach to Mitigate RIP Tampering
SN - 978-989-758-209-7
IS - 2184-4356
AU - Haupert, V.
AU - Müller, T.
PY - 2017
SP - 25
EP - 37
DO - 10.5220/0006083800250037
PB - SciTePress