loading
Papers

Research.Publish.Connect.

Paper

Authors: Vincent Haupert and Tilo Müller

Affiliation: Friedrich-Alexander University Erlangen-Nürnberg (FAU), Germany

ISBN: 978-989-758-209-7

Keyword(s): RIP Protection, ROP Prevention, Instruction-level Monitoring, Linux Kernel.

Related Ontology Subjects/Areas/Topics: Internet Technology ; Intrusion Detection and Response ; Web Information Systems and Technologies

Abstract: We present RIProtection (Rest In Protection), a novel Linux kernel-based approach that mitigates the tampering of return instruction pointers. RIProtection uses single stepping on branches for instruction-level monitoring to guarantee the integrity of the ret-based control-flow of user-mode programs. Our modular design of RIProtection allows an easy adoption of several security approaches relying on instruction-level monitoring. For this paper, we implemented two exclusive approaches to protect RIPs: XOR-based encryption as well as a shadow stack. Both approaches provide reliable protection of RIPs, while the shadow stack additionally prevents return-oriented programming and withstands information leakages of the user-mode stack. While the performance of RIProtection is a severe drawback, its compatibility with regard to hardware and software requirements is outstanding because it supports virtually all 64-bit programs without recompilation or binary rewriting.

PDF ImageFull Text

Download
CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 18.204.48.199

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Haupert, V. and Müller, T. (2017). Rest in Protection - A Kernel-level Approach to Mitigate RIP Tampering.In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-209-7, pages 25-37. DOI: 10.5220/0006083800250037

@conference{icissp17,
author={Vincent Haupert. and Tilo Müller.},
title={Rest in Protection - A Kernel-level Approach to Mitigate RIP Tampering},
booktitle={Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2017},
pages={25-37},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006083800250037},
isbn={978-989-758-209-7},
}

TY - CONF

JO - Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Rest in Protection - A Kernel-level Approach to Mitigate RIP Tampering
SN - 978-989-758-209-7
AU - Haupert, V.
AU - Müller, T.
PY - 2017
SP - 25
EP - 37
DO - 10.5220/0006083800250037

Login or register to post comments.

Comments on this Paper: Be the first to review this paper.