Thread-Level Attack-Surface Reduction

Rommel F, Dietrich C, Ziegler A, Ostapyshyn I, Lohmann D (2023)
Publication Type: Conference contribution

Publication year: 2023

Publisher: Association for Computing Machinery

Pages Range: 64-75

Conference Proceedings Title: Proceedings of the ACM SIGPLAN Conference on Languages, Compilers, and Tools for Embedded Systems (LCTES)

Event location: Orlando, FL, USA

ISBN: 9798400701740

DOI: 10.1145/3589610.3596281

Abstract

Existing debloating techniques designed to prevent buffer-overflow exploits through return-oriented programming do not differentiate roles within a process or binary, allowing all threads access to the full program functionality. For example, a worker thread that handles client connections (highest attack exposure) still has access to all the code that the management thread needs (highest potential fallout). We introduce thread-level attack-surface reduction (TLASR), a dynamic, context-aware approach that eliminates unused code on a thread level. For this, we (permanently or temporarily) eliminate parts of the text segment (both in shared libraries and the main binary) and use the mmview Linux extension to support multiple text-segment views in a single process. We reduce the executable code visible from a single thread in MariaDB, Memcached, OpenSSH, and Bash by 84 to 98.4 percent. As a result, the number of ROP gadgets decreases significantly (78–97 %), with TLASR rendering an auto-ROP utility ineffective in all investigated benchmarks and eliminating all CVE-related functions ever reported for glibc in 97 percent of the cases.

How to cite

APA:

Rommel, F., Dietrich, C., Ziegler, A., Ostapyshyn, I., & Lohmann, D. (2023). Thread-Level Attack-Surface Reduction. In Bernhard Egger, Dongyoon Lee (Eds.), Proceedings of the ACM SIGPLAN Conference on Languages, Compilers, and Tools for Embedded Systems (LCTES) (pp. 64-75). Orlando, FL, USA: Association for Computing Machinery.

MLA:

Rommel, Florian, et al. "Thread-Level Attack-Surface Reduction." Proceedings of the 24th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems, LCTES 2023, Orlando, FL, USA. Ed. Bernhard Egger, Dongyoon Lee. Association for Computing Machinery, 2023. 64-75.
