Thread-Level Attack-Surface Reduction

Research output: Chapter in book/report/conference proceedingConference contributionResearchpeer review

Authors

  • Florian Rommel
  • Christian Dietrich
  • Andreas Ziegler
  • Illia Ostapyshyn
  • Daniel Lohmann

External Research Organisations

  • Hamburg University of Technology (TUHH)
  • Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU Erlangen-Nürnberg)
View graph of relations

Details

Original languageEnglish
Title of host publicationLCTES 2023
Subtitle of host publicationProceedings of the 24th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems
EditorsBernhard Egger, Dongyoon Lee
PublisherAssociation for Computing Machinery (ACM)
Pages64-75
Number of pages12
ISBN (electronic)9798400701740
Publication statusPublished - 13 Jun 2023
Event24th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems, LCTES 2023 - Orlando, United States
Duration: 18 Jun 202318 Jun 2023

Publication series

NameProceedings of the ACM SIGPLAN Conference on Languages, Compilers, and Tools for Embedded Systems (LCTES)

Abstract

Existing debloating techniques designed to prevent buffer-overflow exploits through return-oriented programming do not differentiate roles within a process or binary, allowing all threads access to the full program functionality. For example, a worker thread that handles client connections (highest attack exposure) still has access to all the code that the management thread needs (highest potential fallout). We introduce thread-level attack-surface reduction (TLASR), a dynamic, context-aware approach that eliminates unused code on a thread level. For this, we (permanently or temporarily) eliminate parts of the text segment (both in shared libraries and the main binary) and use the mmview Linux extension to support multiple text-segment views in a single process. We reduce the executable code visible from a single thread in MariaDB, Memcached, OpenSSH, and Bash by 84 to 98.4 percent. As a result, the number of ROP gadgets decreases significantly (78–97 %), with TLASR rendering an auto-ROP utility ineffective in all investigated benchmarks and eliminating all CVE-related functions ever reported for glibc in 97 percent of the cases.

Keywords

    binary tailoring, debloating, return-oriented programming

ASJC Scopus subject areas

Cite this

Thread-Level Attack-Surface Reduction. / Rommel, Florian; Dietrich, Christian; Ziegler, Andreas et al.
LCTES 2023 : Proceedings of the 24th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems. ed. / Bernhard Egger; Dongyoon Lee. Association for Computing Machinery (ACM), 2023. p. 64-75 (Proceedings of the ACM SIGPLAN Conference on Languages, Compilers, and Tools for Embedded Systems (LCTES)).

Research output: Chapter in book/report/conference proceedingConference contributionResearchpeer review

Rommel, F, Dietrich, C, Ziegler, A, Ostapyshyn, I & Lohmann, D 2023, Thread-Level Attack-Surface Reduction. in B Egger & D Lee (eds), LCTES 2023 : Proceedings of the 24th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems. Proceedings of the ACM SIGPLAN Conference on Languages, Compilers, and Tools for Embedded Systems (LCTES), Association for Computing Machinery (ACM), pp. 64-75, 24th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems, LCTES 2023, Orlando, United States, 18 Jun 2023. https://doi.org/10.1145/3589610.3596281
Rommel, F., Dietrich, C., Ziegler, A., Ostapyshyn, I., & Lohmann, D. (2023). Thread-Level Attack-Surface Reduction. In B. Egger, & D. Lee (Eds.), LCTES 2023 : Proceedings of the 24th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems (pp. 64-75). (Proceedings of the ACM SIGPLAN Conference on Languages, Compilers, and Tools for Embedded Systems (LCTES)). Association for Computing Machinery (ACM). https://doi.org/10.1145/3589610.3596281
Rommel F, Dietrich C, Ziegler A, Ostapyshyn I, Lohmann D. Thread-Level Attack-Surface Reduction. In Egger B, Lee D, editors, LCTES 2023 : Proceedings of the 24th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems. Association for Computing Machinery (ACM). 2023. p. 64-75. (Proceedings of the ACM SIGPLAN Conference on Languages, Compilers, and Tools for Embedded Systems (LCTES)). doi: 10.1145/3589610.3596281
Rommel, Florian ; Dietrich, Christian ; Ziegler, Andreas et al. / Thread-Level Attack-Surface Reduction. LCTES 2023 : Proceedings of the 24th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems. editor / Bernhard Egger ; Dongyoon Lee. Association for Computing Machinery (ACM), 2023. pp. 64-75 (Proceedings of the ACM SIGPLAN Conference on Languages, Compilers, and Tools for Embedded Systems (LCTES)).
Download
@inproceedings{ef79f309af234cf7a5c7310937fdd70a,
title = "Thread-Level Attack-Surface Reduction",
abstract = "Existing debloating techniques designed to prevent buffer-overflow exploits through return-oriented programming do not differentiate roles within a process or binary, allowing all threads access to the full program functionality. For example, a worker thread that handles client connections (highest attack exposure) still has access to all the code that the management thread needs (highest potential fallout). We introduce thread-level attack-surface reduction (TLASR), a dynamic, context-aware approach that eliminates unused code on a thread level. For this, we (permanently or temporarily) eliminate parts of the text segment (both in shared libraries and the main binary) and use the mmview Linux extension to support multiple text-segment views in a single process. We reduce the executable code visible from a single thread in MariaDB, Memcached, OpenSSH, and Bash by 84 to 98.4 percent. As a result, the number of ROP gadgets decreases significantly (78–97 %), with TLASR rendering an auto-ROP utility ineffective in all investigated benchmarks and eliminating all CVE-related functions ever reported for glibc in 97 percent of the cases.",
keywords = "binary tailoring, debloating, return-oriented programming",
author = "Florian Rommel and Christian Dietrich and Andreas Ziegler and Illia Ostapyshyn and Daniel Lohmann",
note = "Funding Information: We thank the anonymous reviewers for their valuable feedback and dedicated efforts in helping us improve this paper. TLASR was funded by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) – 468988364, 501887536. ; 24th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems, LCTES 2023 ; Conference date: 18-06-2023 Through 18-06-2023",
year = "2023",
month = jun,
day = "13",
doi = "10.1145/3589610.3596281",
language = "English",
series = "Proceedings of the ACM SIGPLAN Conference on Languages, Compilers, and Tools for Embedded Systems (LCTES)",
publisher = "Association for Computing Machinery (ACM)",
pages = "64--75",
editor = "Bernhard Egger and Dongyoon Lee",
booktitle = "LCTES 2023",
address = "United States",

}

Download

TY - GEN

T1 - Thread-Level Attack-Surface Reduction

AU - Rommel, Florian

AU - Dietrich, Christian

AU - Ziegler, Andreas

AU - Ostapyshyn, Illia

AU - Lohmann, Daniel

N1 - Funding Information: We thank the anonymous reviewers for their valuable feedback and dedicated efforts in helping us improve this paper. TLASR was funded by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) – 468988364, 501887536.

PY - 2023/6/13

Y1 - 2023/6/13

N2 - Existing debloating techniques designed to prevent buffer-overflow exploits through return-oriented programming do not differentiate roles within a process or binary, allowing all threads access to the full program functionality. For example, a worker thread that handles client connections (highest attack exposure) still has access to all the code that the management thread needs (highest potential fallout). We introduce thread-level attack-surface reduction (TLASR), a dynamic, context-aware approach that eliminates unused code on a thread level. For this, we (permanently or temporarily) eliminate parts of the text segment (both in shared libraries and the main binary) and use the mmview Linux extension to support multiple text-segment views in a single process. We reduce the executable code visible from a single thread in MariaDB, Memcached, OpenSSH, and Bash by 84 to 98.4 percent. As a result, the number of ROP gadgets decreases significantly (78–97 %), with TLASR rendering an auto-ROP utility ineffective in all investigated benchmarks and eliminating all CVE-related functions ever reported for glibc in 97 percent of the cases.

AB - Existing debloating techniques designed to prevent buffer-overflow exploits through return-oriented programming do not differentiate roles within a process or binary, allowing all threads access to the full program functionality. For example, a worker thread that handles client connections (highest attack exposure) still has access to all the code that the management thread needs (highest potential fallout). We introduce thread-level attack-surface reduction (TLASR), a dynamic, context-aware approach that eliminates unused code on a thread level. For this, we (permanently or temporarily) eliminate parts of the text segment (both in shared libraries and the main binary) and use the mmview Linux extension to support multiple text-segment views in a single process. We reduce the executable code visible from a single thread in MariaDB, Memcached, OpenSSH, and Bash by 84 to 98.4 percent. As a result, the number of ROP gadgets decreases significantly (78–97 %), with TLASR rendering an auto-ROP utility ineffective in all investigated benchmarks and eliminating all CVE-related functions ever reported for glibc in 97 percent of the cases.

KW - binary tailoring

KW - debloating

KW - return-oriented programming

UR - http://www.scopus.com/inward/record.url?scp=85164293650&partnerID=8YFLogxK

U2 - 10.1145/3589610.3596281

DO - 10.1145/3589610.3596281

M3 - Conference contribution

AN - SCOPUS:85164293650

T3 - Proceedings of the ACM SIGPLAN Conference on Languages, Compilers, and Tools for Embedded Systems (LCTES)

SP - 64

EP - 75

BT - LCTES 2023

A2 - Egger, Bernhard

A2 - Lee, Dongyoon

PB - Association for Computing Machinery (ACM)

T2 - 24th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems, LCTES 2023

Y2 - 18 June 2023 through 18 June 2023

ER -