Rest in Protection - A Kernel-level Approach to Mitigate RIP Tampering

Vincent Haupert; Tilo Müller

doi:10.5220/0006083800250037

Rest in Protection - A Kernel-level Approach to Mitigate RIP Tampering

Vincent Haupert, Tilo Müller

2017

Abstract

We present RIProtection (Rest In Protection), a novel Linux kernel-based approach that mitigates the tampering of return instruction pointers. RIProtection uses single stepping on branches for instruction-level monitoring to guarantee the integrity of the ret-based control-flow of user-mode programs. Our modular design of RIProtection allows an easy adoption of several security approaches relying on instruction-level monitoring. For this paper, we implemented two exclusive approaches to protect RIPs: XOR-based encryption as well as a shadow stack. Both approaches provide reliable protection of RIPs, while the shadow stack additionally prevents return-oriented programming and withstands information leakages of the user-mode stack. While the performance of RIProtection is a severe drawback, its compatibility with regard to hardware and software requirements is outstanding because it supports virtually all 64-bit programs without recompilation or binary rewriting.

Download

Paper Citation

in Harvard Style

Haupert V. and Müller T. (2017). Rest in Protection - A Kernel-level Approach to Mitigate RIP Tampering . In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-209-7, pages 25-37. DOI: 10.5220/0006083800250037

in Bibtex Style

@conference{icissp17,
author={Vincent Haupert and Tilo Müller},
title={Rest in Protection - A Kernel-level Approach to Mitigate RIP Tampering},
booktitle={Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2017},
pages={25-37},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006083800250037},
isbn={978-989-758-209-7},
}

in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Rest in Protection - A Kernel-level Approach to Mitigate RIP Tampering
SN - 978-989-758-209-7
AU - Haupert V.
AU - Müller T.
PY - 2017
SP - 25
EP - 37
DO - 10.5220/0006083800250037