Chronomorphic Programs: Using Runtime Diversity to Prevent Code Reuse Attacks

Return Oriented Programming (ROP) attacks, in which a cyber attacker crafts an exploit from instruction sequences already contained in a running binary, have become popular and practical. While previous research has investigated software diversity and dynamic binary instrumentation for defending against ROP, many of these approaches incur large performance costs or are susceptible to Blind ROP attacks. We present a new approach that automatically rewrites potentially vulnerable software binaries into chronomorphic binaries that change their in-memory instructions and layout repeatedly, at runtime. We describe our proof of concept implementation of this approach, discuss its security and safety properties, provide statistical analyses of runtime diversity and reduced ROP attack likelihood, and present empirical results that demonstrate the low performance overhead of actual chronomorphic binaries.

Scott E. Friedman, David J. Musliner, Peter Keller. (2015). Chronomorphic Programs: Using Runtime Diversity to Prevent Code Reuse Attacks. ICDS 2015: The 9th International Conference on Digital Society. - [PDF]