Memory corruption vulnerabilities have been exploited for decades to hijack the normal
operation of a program by injecting malicious code. As operating systems were hardened
against code injection, attackers turned to code reuse (CR) techniques, which chain
existing program instructions in ways the developer never anticipated and thus allow
arbitrary actions at the attacker's will. Mitigating such attacks is challenging, as the
many ways in which the CR paradigm can be instantiated make it hard to distinguish normal
computations from unexpected ones. Moreover, defenses designed for one CR scheme typically
fall short against other variants. Building on recent research I authored in the area, I
plan to tackle the ambitious goal of developing program analysis and compiler techniques
both to dissect CR attacks and to use CR itself as a defense mechanism. Indeed, by breaking
up the control flow of a program, CR could be used as a tool to obfuscate applications,
making it harder for attackers to search for vulnerabilities.
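The two observations above (CR computations are hard to tell apart from normal ones, and a defense built for one CR variant misses another) can be made concrete with a small simulation. The program below is an added, constructed illustration and not code from this proposal or from the author's prior work: there is no real memory corruption in it. Gadgets are ordinary C functions acting on a tiny register file, a chain of them is driven either through a simulated stack (ROP-style, each transfer is a "ret") or through a dispatcher walking a table of gadget indices (JOP-style, no "ret" at all), and a shadow-stack check stands in for a return-address-checking defense. All names (`Machine`, `run_rop`, `run_jop`, `sim_ret`, the gadget catalogue) are hypothetical.

```c
/* Simulated code-reuse machine: constructed example, no real exploitation.
 * Gadget indices stand in for code addresses. */
#include <stdio.h>

#define NREGS 2
#define SHADOW_MAX 16

typedef struct Machine Machine;
typedef void (*Gadget)(Machine *m);

struct Machine {
    long regs[NREGS];
    const long *sp;          /* simulated stack pointer, consumed by "ret" */
    const long *dp;          /* where gadgets fetch their immediates from */
    long shadow[SHADOW_MAX]; /* shadow stack: return targets pushed by real calls */
    int shadow_top;
    int violations;          /* returns whose target no call ever pushed */
    int steps;               /* control transfers executed by the chain */
};

/* Gadget catalogue (hypothetical): like "pop rdi; ret", "add rax, rbx; ret", ... */
enum { G_POP_R0, G_POP_R1, G_ADD, G_MUL, G_END, G_COUNT };

static void g_pop_r0(Machine *m) { m->regs[0] = *m->dp++; }
static void g_pop_r1(Machine *m) { m->regs[1] = *m->dp++; }
static void g_add(Machine *m)    { m->regs[0] += m->regs[1]; }
static void g_mul(Machine *m)    { m->regs[0] *= m->regs[1]; }
static void g_end(Machine *m)    { (void)m; }

static const Gadget gadgets[G_COUNT] = { g_pop_r0, g_pop_r1, g_add, g_mul, g_end };

/* Simulated "ret": the next stack word becomes the control-transfer target.
 * The shadow-stack defense accepts it only if a matching call pushed it. */
static long sim_ret(Machine *m) {
    long target = *m->sp++;
    if (m->shadow_top > 0 && m->shadow[m->shadow_top - 1] == target)
        m->shadow_top--;     /* legitimate return: target matches the call */
    else
        m->violations++;     /* return target fabricated by the attacker */
    return target;
}

/* ROP: gadget addresses and immediates are interleaved on the stack;
 * every gadget ends in a ret, so the shadow-stack check fires each time. */
static long run_rop(Machine *m, const long *stack) {
    m->sp = stack;
    for (;;) {
        long g = sim_ret(m);
        m->steps++;
        if (g < 0 || g >= G_COUNT) return -1;   /* bogus address: crash */
        if (g == G_END) return m->regs[0];
        m->dp = m->sp;       /* immediates live on the stack in ROP */
        gadgets[g](m);
        m->sp = m->dp;       /* pops advanced the stack pointer */
    }
}

/* JOP: a dispatcher walks a table of gadget addresses with indirect jumps and
 * operands come from a separate data area. No ret executes, so a defense that
 * only checks returns never sees anything wrong. */
static long run_jop(Machine *m, const long *table, const long *data) {
    m->dp = data;
    for (const long *pc = table; ; pc++) {
        m->steps++;
        if (*pc < 0 || *pc >= G_COUNT) return -1;
        if (*pc == G_END) return m->regs[0];
        gadgets[*pc](m);
    }
}

/* Baseline: a legitimate call pushes its return target on the shadow stack
 * too, so the defense stays silent on normal control flow. */
static long run_legit(Machine *m) {
    long stack[1] = { G_END };               /* pushed by the simulated call */
    m->shadow[m->shadow_top++] = G_END;
    m->regs[0] = 6; m->regs[1] = 7; g_mul(m); /* callee body */
    m->sp = stack;
    sim_ret(m);
    return m->regs[0];
}

/* Both chains compute (3 + 4) * 5 from the same gadget set. Constructed input. */
static const long rop_chain[] = { G_POP_R0, 3, G_POP_R1, 4, G_ADD, G_POP_R1, 5, G_MUL, G_END };
static const long jop_table[] = { G_POP_R0, G_POP_R1, G_ADD, G_POP_R1, G_MUL, G_END };
static const long jop_data[]  = { 3, 4, 5 };

typedef struct { long result; int violations; int steps; } Outcome;

static Outcome demo_rop(void)   { Machine m = {0}; Outcome o; o.result = run_rop(&m, rop_chain); o.violations = m.violations; o.steps = m.steps; return o; }
static Outcome demo_jop(void)   { Machine m = {0}; Outcome o; o.result = run_jop(&m, jop_table, jop_data); o.violations = m.violations; o.steps = m.steps; return o; }
static Outcome demo_legit(void) { Machine m = {0}; Outcome o; o.result = run_legit(&m); o.violations = m.violations; o.steps = m.steps; return o; }

int main(void) {
    Outcome r = demo_rop(), j = demo_jop(), l = demo_legit();
    printf("legit: result=%ld violations=%d\n", l.result, l.violations);
    printf("ROP:   result=%ld violations=%d steps=%d\n", r.result, r.violations, r.steps);
    printf("JOP:   result=%ld violations=%d steps=%d\n", j.result, j.violations, j.steps);
    return 0;
}
```

Both chains reach the same value, 35, through the same gadgets; the shadow-stack check flags every transfer of the ROP chain and none of the JOP chain, while the legitimate call/return pair passes cleanly. That is the gap the paragraph above describes: the computation is indistinguishable at the gadget level, and a return-centric defense says nothing about a chain that never returns.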
System designers and security researchers have proposed and
implemented several mitigations against CR attacks during the last decade. These solutions
target specific techniques and thus do not provide a general countermeasure against the CR
paradigm. Combining different defenses is not enough to achieve resilience against new
variants, and it would incur performance overheads that are not tolerable in production
environments. Although hardware mitigations have been rumored and even announced by
vendors in recent years, it is unlikely that they will provide a silver bullet against CR
techniques. Also, recently found vulnerabilities in hardware implementations, such as Spectre
and Meltdown, are likely to slow vendors down in the design and integration of such complex
defenses. I therefore believe that a relevant by-product of my research could be to devise
mitigation techniques for CR attacks that reach beyond mainstream techniques such as ROP,
possibly anticipating the attackers' moves.
- Impact and benefits -
As reported by Accenture, in 2017 cyber-crime costs accelerated, with
organizations spending nearly 23 percent more than in 2016, on average about $11.7 million per
company. Also, the average cost of a malware attack on a company is estimated at nearly $2.4
million. Cybersecurity Ventures estimates that damage related to cybercrime is projected to hit
$6 trillion annually by 2021. Cisco reports that 31% of organizations have experienced cyber
attacks on operational technology infrastructure. According to Accenture, malware and
web-based attacks are the two most costly attack types, with companies spending an average of
US$2.4 million on defense. In this alarming scenario, the quest for more effective techniques for
dissecting malicious payloads, many of which use CR techniques, is of the essence and has the
potential to reduce the number of daily attacks on critical infrastructure and corporate systems.
At the same time, prevention based on reducing the accessibility of the attack surface of
applications can reduce the number of attacks by hindering the attacker's ability to perform
vulnerability analyses on target platforms. Hence, we believe that the proposed research can
make a step forward in the state of the art of defensive techniques, potentially supporting the
security community with new scientific methodologies that can benefit companies, governments,
and individuals.