Chronomorphic Programs: Runtime Diversity Prevents Exploits and Reconnaissance

In Return Oriented Programming (ROP) attacks, a cyber attacker crafts an exploit from instruction sequences already contained in a running binary. ROP attacks are now used widely, bypassing many cyber defense mechanisms. While previous research has investigated software diversity and dynamic binary instrumentation for defending against ROP, many of these approaches incur large performance costs or are susceptible to Blind ROP attacks. We present a new approach that automatically rewrites potentially-vulnerable software binaries into chronomorphic binaries that change their in-memory instructions and layout repeatedly, at runtime. We describe our proof of concept implementation of this approach, discuss its security and safety properties, provide statistical analyses of runtime diversity and reduced ROP attack likelihood, and present empirical results that demonstrate the low performance overhead of actual chronomorphic binaries.
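The abstract's claim that repeated in-memory relocation reduces ROP attack likelihood can be illustrated with a small probabilistic model. The block below is an added example, not code or analysis from the paper; it assumes (as a simplification the paper does not necessarily make) that every relocation moves every gadget, so a chain built from addresses leaked before a relocation fails entirely after it. The functions `leaked_chain_resolves`, `analytic_survival` and `simulate_survival` are hypothetical names chosen here.

```python
"""Toy model of how periodic in-memory relocation shortens the useful life of a
leaked code layout. Added example; not the paper's code or its statistical model."""
import random


def leaked_chain_resolves(leak_time, use_time, period):
    """Return True if a chain built from addresses leaked at `leak_time` still
    resolves when used at `use_time`, given relocation every `period` time units.

    Assumption (simplification): a relocation moves every gadget, so the chain
    survives only if no relocation boundary lies between leak and use.
    """
    if use_time < leak_time:
        raise ValueError("use_time must not precede leak_time")
    return int(leak_time // period) == int(use_time // period)


def analytic_survival(period, delay):
    """Probability that a leaked layout is still valid `delay` time units later,
    when the leak happens at a uniformly random point inside a relocation period.
    A static layout corresponds to period -> infinity (probability 1.0)."""
    return max(0.0, 1.0 - delay / period)


def simulate_survival(period, delay, trials=20000, seed=1):
    """Monte Carlo estimate of analytic_survival: sample random leak times,
    then check whether the chain would still resolve after `delay`."""
    rng = random.Random(seed)          # fixed seed so the estimate is reproducible
    hits = 0
    for _ in range(trials):
        t0 = rng.uniform(0, 100 * period)   # constructed leak time
        if leaked_chain_resolves(t0, t0 + delay, period):
            hits += 1
    return hits / trials


if __name__ == "__main__":
    # Defender's view: for a fixed attacker delay of 25 time units between
    # leaking the layout and using it, shorter relocation periods drive the
    # chance that the leaked layout is still valid toward zero.
    for period in (1e9, 200, 100, 50, 25, 10):
        print(f"period={period:>8}  analytic={analytic_survival(period, 25):.3f}"
              f"  simulated={simulate_survival(period, 25):.3f}")
```

The same model covers the reconnaissance case mentioned in the abstract: a Blind ROP style probe sequence only learns something useful if the layout stays fixed between probes, so `delay` can be read as the gap between consecutive probes rather than between a single leak and its use.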

Scott E. Friedman, David J. Musliner, Peter K. Keller (2015). Chronomorphic Programs: Runtime Diversity Prevents Exploits and Reconnaissance. International Journal on Advances in Security, 8(3&4), pp. 120-129.