University of Southampton Institutional Repository

Local memory via layout randomization

Jagadeesan, Radha, Pitcher, Corin, Rathke, Julian and Riely, James (2011) Local memory via layout randomization. In: IEEE 24th Computer Security Foundations Symposium (CSF), France, 27-29 Jun 2011, pp. 161-174. (doi:10.1109/CSF.2011.18).

Record type: Conference or Workshop Item (Paper)

Abstract

Randomization is used in computer security as a tool to introduce unpredictability into the software infrastructure. In this paper, we study the use of randomization to achieve secrecy and integrity guarantees for local memory. We follow the approach set out by Abadi and Plotkin (2010). We consider the execution of an idealized language in two environments. In the strict environment, opponents cannot access local variables of the user program. In the lax environment, opponents may attempt to guess allocated memory locations and thus, with small probability, gain access to the local memory of the user program. We model these environments using two novel calculi: λhashref and λproberef. Our contribution to the Abadi-Plotkin program is to enrich the programming language with dynamic memory allocation, first-class and higher-order references, and call/cc-style control. On the one hand, these enhancements allow us to directly model a larger class of system hardening principles. On the other hand, the class of opponents is also enhanced, since our enriched language permits natural and direct encoding of attacks that alter the control flow of programs. Our main technical result is a fully abstract translation (up to probability) of λhashref into λproberef. Thus, in the presence of randomized layouts, the opponent gains no new power from being able to guess local references of the user program. Our numerical bounds are similar to those of Abadi and Plotkin; thus, the extra programming language features do not cause a concomitant increase in the resources required for protection via randomization.

PDF paper.pdf - Other (328kB). Restricted to registered users only.

More information

Published date: June 2011
Venue - Dates: IEEE 24th Computer Security Foundations Symposium (CSF), France, 2011-06-27 - 2011-06-29
Organisations: Electronic & Software Systems

Identifiers

Local EPrints ID: 272428
URI: http://eprints.soton.ac.uk/id/eprint/272428
ISBN: 978-1-61284-644-6
PURE UUID: 33c8e9ee-82af-4615-9764-185dcfb7d386

Catalogue record

Date deposited: 08 Jun 2011 16:09
Last modified: 18 Jul 2017 06:24

Contributors

Author: Radha Jagadeesan
Author: Corin Pitcher
Author: Julian Rathke
Author: James Riely
