ROP is Still Dangerous: Breaking Modern Defenses Nicholas Carlini et. al University of California, Berkeley USENIX Security 2014 Presenter: Yue Li Part of the slides from N. Carlini Outline Background ROP Attacks Attack Primitives Attack Goal and Threat Model kBouncer ROPecker Evaluation Related Work and Conclusion Background Code injection ● Usually exploited in a buffer overrun vulnerability. ● Inject malicious code ● Overwrites return address of a function. ● Return address -> malicious code Background Code injection Data Execution Prevention (DEP) ● Security feature in modern OS ● Ensures writable pages in memory are not executable ● Stack is no longer executable ● Code cannot be injected Background Code injection Data Execution Prevention (DEP) Return Oriented Programming (ROP) Outline Background ROP Attacks Attack Primitives Attack Goal and Threat Model kBouncer ROPecker Evaluation Related Work and Conclusion ROP Attacks Gadgets ! ROP Attacks ● Perform malicious computation by only controlling the execution flow ● Each gadget performs small computation ● Gadget chaining is achieved by influencing indirect jumps ● Need to write appropriate values over the stack ROP Attacks 1. 2. 3. 4. 5. 6. eax stores 4a304120 ebs stores 00032400 eax stores [4a304120] (OV) eax stores (OV + 00032400) ecx stores 4a304120 [4a304120] stores (OV + 00032400) ROP Attacks Defend ROP Outline Background ROP Attacks Attack Primitives Attack Goal and Threat Model kBouncer ROPecker Evaluation Related Work and Conclusion Attack Primitives Three building blocks are useful in attacking ROP defenses 1. Call-Preceded ROP 2. Evasion Attack 3. History Flushing Call-Preceded ROP Call-Preceded Policy: Normally, every ret will return to an instruction that immediately follows a call Call-Preceded ROP ● The call-preceded policy limit the choices of gadgets ● Only 6% of gadgets are callpreceded ● People believe the call-preceded policy significantly increases the difficulty of mounting a ROP. ● However, the authors argue it is possible to mount ROP with this policy ● Allow more complex gadgets. ● 70KB of binary code Evasion Attacks Classification-based defense ● Monitoring the runtime behavior of a process ● Classify segments of execution as either “gadget” or “non-gadget” ● Length-based classifier (instructions separated by indirect instructions ● Long sequences of short gadgets -> ROP attack Evasion Attacks To break classification-based defense ● Using gadgets that look like benign execution ● An evasion attack is one that will be classified by the defense as normal. ● Actually evasion attack allows the attacker to mount a ROP History flushing History inspection defense ● Inspect program at different points throughout its execution ● Limited amount of history ● due to performance consideration, usually the inspection is invoked in certain points (issue a system call) History flushing To break History inspection defense ● Fool the defense by hiding ROP attack ● Perform ROP when not being watched ● Insert effective no-op instructions, stop making progress when being watched Outline Background ROP Attacks Attack Primitives Attack Goal and Threat Model kBouncer ROPecker Evaluation Related Work and Conclusion Attack Goal and Threat Model Attack Goal: ● Issue a single syscall ● mprotect (Linux) or virtualprotect (windows), making a page in memory both executable and writable Threat Model: ● Attacker has a known exploit to control the instruction pointer in the future ● Typically it is a stack overflow Outline Background ROP Attacks Attack Primitives Attack Goal and Threat Model kBouncer ROPecker Evaluation Related Work and Conclusion kBouncer kBouncer: a scheme that uses indirect branch tracing to detect ROP attacks ● Uses the Last Branch Record (LBR) to inspect the last 16 indirect branches each ● Run when a system call is invoked ● Low overhead ● Check 2 properties o Call-preceded? o Are 8 most recent gadget-like? (<20 instructions before an indirect branch) kBouncer Detected ! kBouncer History Hiding Attack ● Uses history flushing to clear evidence of ROP ● 3 steps o Initial exploitation: normal ROP attack (may not be callpreceded) until a syscall is about to be invoked o o Hide the history: flush the history Restore registers and issue the system call kBouncer Flush the history ● Consists of a short flushing gadget and a long termination gadget ● Short flushing gadget - satisfy callproceded requirement ● Repeat short flushing gadget 16 times ● Termination gadget - at least 20 instructions (non-gadget) kBouncer - Flush History kBouncer Restore registers ● Can be achieved with a few gadgets that pop register values off the stack ● Other ways o Jump Oriented Programming (JOP) o Call Oriented Programming (COP) o etc kBouncer What happens if kBouncer keeps the whole execution history? - can still be broken ● ● ● ● Initial phase will use only call-preceded gadget No flushing gadget is needed Break up short gadget chains with long termination gadget 70KB of program will have enough call-preceded calls to finish such a ROP attack Outline Background ROP Attacks Attack Primitives Attack Goal and Threat Model kBouncer ROPecker Evaluation Related Work and Conclusion ROPecker ROPecker is a defense that builds on ideas found in kBouncer With a few differences ● ● ● ● ● ● Inspect more frequently Only a few pages are marked executable at one time Will be invoked each time a page not in executable set is executed Syscalls It looks both history and future to detect attack Future emulation will stop when there is not a short sequence of instruction leading to an indirect jump ROPecker: A generic and practical approach for defending against rop attacks. Yueqiang Cheng, Zongwei Zhou, Miao Yu, Xuhua Ding, and Robert H Deng. NDSS, 2014. ROPecker Repeated History Hiding Attack ● repeatedly invokes the history hiding primitives ● 3 phases o Loading phase: load useful pages into executable set o Attack phase: invokes gadgets on these pages o Flushing phase: mounts the history hiding attack using only gadgets from these pages ● May need to execute the 3 phases multiple time to achieve the goal ROPecker ROPecker Attack ROPecker is more complicated ● ● ● ● Carefully pick tasks during each step Flushing and Termination gadgets clober register states Pick independent operations for each step Pick pages that contain more gadgets ROPecker Evasion Attack ● Let ROPecker inspect at any time ● Insert a termination gadget in between every ten useful gadgets. ● Threshold is 11 (past and future) Outline Background ROP Attacks Attack Primitives Attack Goal and Threat Model kBouncer ROPecker Evaluation Related Work and Conclusion Evaluation ● A tool is built to find attacks on real-world exploits ● The tool help find gadgets ● Enumerate all potential call-preceded gadgets Evaluation Modify Real-world Exploits to bypass kBouncer ● 4 real-world exploits are modified o MPlayer Lite r33063 o o o Stack-based buffer overflow, exploited by overwriting SEH pointer Adobe Reader 9.3.4 Adobe Flash 11.3.300 Internet Explorer 8 ● Half a day to cloak the attacks Evaluation Use exploitable version of hteditor source to bypass ROPecker ● Evasion attack ● Repeated history hiding attack ● execv is issued eventually Outline Background ROP Attacks Attack Primitives Attack Goal and Threat Model kBouncer ROPecker Evaluation Related Work and Conclusion Related Work ● [Goktas, S&P14] discussed the existence of call-preceded ROP and use it to break many existing CFI defenses ● [Davi, Usenix14] and [Goktas, Usenix14] both independently and concurrently discovered very similar attacks on kBouncer & ROPecker Conclusion This paper has presented: ● 3 building blocks for ROP attacks ● Break state-of-art defenses - kBouncer and ROPecker ● Implication o Do not rely on limited history o Call-preceded ROP is possible o Difficult to classify “gadget” and “non-gadget” o Focus on fundamental difference between normal and ROP execution