Hardening the Linux Kernel against Forensic Memory Analysis using Compiletime Randomization Techniques

Supervisor(s): Fabian Franzen
Status: finished
Topic: Linux stuff
Author: Andreas Chris Wilhelmer
Submission: 2022-09-15
Type of Thesis: Bachelor thesis

Description

Recently developed techniques such as Katana and AutoProfile allow automated, binary-only profile generation for forensic memory analysis of the Linux kernel, even when software diversification techniques such as structure layout randomization are enabled. This involves reconstructing the randomization schemes used to reorder the members of important kernel structs. To prevent this, we devise a compile-time ABI randomization technique that rearranges function arguments in order to invalidate the assumptions made by profile generation tools.

To achieve this, we create the randfun compiler plugin for GCC and develop several techniques to automatically select functions for randomization while maintaining consistency across multiple compilation units. This includes a two-pass blacklisting approach to handle explicit assembly implementations of functions, as well as wrapper function generation to deal with indirect function calls.
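The following C program is an added illustration of the two ideas in the paragraph above; it is not code from the randfun plugin or the thesis. It assumes a hypothetical per-function key (e.g. a hash of the function name) combined with a build-wide seed to derive an argument permutation that every compilation unit reproduces identically, and it shows why a wrapper with the original signature is needed when a function's address escapes into a function pointer: indirect callers keep the original ABI, while the wrapper forwards to the reordered body. Register names in the comments refer to the x86-64 System V calling convention.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not the plugin's implementation: a deterministic
 * permutation derived from a build seed and a per-function key, so every
 * compilation unit agrees on the argument order chosen for a function. */
static uint64_t lcg_next(uint64_t *state) {
    *state = *state * 6364136223846793005ULL + 1442695040888963407ULL;
    return *state >> 33;
}

/* Fill order[0..n-1] with a permutation of 0..n-1 (Fisher-Yates shuffle).
 * fn_key stands in for a hash of the function name (assumption). */
void argument_order(uint64_t seed, uint64_t fn_key, size_t n, unsigned order[]) {
    uint64_t state = seed ^ (fn_key * 0x9E3779B97F4A7C15ULL);
    for (size_t i = 0; i < n; i++) order[i] = (unsigned)i;
    for (size_t i = n; i > 1; i--) {
        size_t j = (size_t)(lcg_next(&state) % i);
        unsigned tmp = order[i - 1];
        order[i - 1] = order[j];
        order[j] = tmp;
    }
}

/* Sanity check: every index 0..n-1 appears exactly once (n <= 16). */
int is_permutation(const unsigned order[], size_t n) {
    unsigned seen[16] = {0};
    if (n > 16) return 0;
    for (size_t i = 0; i < n; i++) {
        if (order[i] >= n || seen[order[i]]) return 0;
        seen[order[i]] = 1;
    }
    return 1;
}

/* Kernel-style function as written in source: on x86-64 SysV the pointer
 * arrives in rdi, len in rsi and flags in rdx. */
long original_op(const char *ptr, unsigned long len, int flags) {
    return (long)len * 10 + flags + (ptr ? ptr[0] : 0);
}

/* The same body after the chosen order (2, 0, 1) has been applied: flags
 * now arrives in rdi, ptr in rsi and len in rdx, so an analysis that
 * assumes "first argument = pointer" reads the wrong register. */
long randomized_op(int flags, const char *ptr, unsigned long len) {
    return (long)len * 10 + flags + (ptr ? ptr[0] : 0);
}

/* Wrapper with the original signature, used wherever the function's address
 * escapes (function pointers, indirect calls); it forwards to the
 * reordered body so callers that were not rewritten still work. */
long original_op_wrapper(const char *ptr, unsigned long len, int flags) {
    return randomized_op(flags, ptr, len);
}

typedef long (*op_fn)(const char *, unsigned long, int);

/* An indirect call site that only knows the original ABI. */
long call_indirect(op_fn fn, const char *ptr, unsigned long len, int flags) {
    return fn(ptr, len, flags);
}

int main(void) {
    unsigned order[3];
    argument_order(0x1234, 42, 3, order);
    printf("chosen order: %u %u %u\n", order[0], order[1], order[2]);
    printf("direct=%ld indirect=%ld\n", original_op("A", 4, 7),
           call_indirect(original_op_wrapper, "A", 4, 7));
    return 0;
}
```

Compiling `original_op` and `randomized_op` with `-O2 -S` and comparing the prologues shows the register assignment difference the thesis relies on; the wrapper costs one extra call on every indirect invocation, which is why the plugin only needs it for functions whose address is taken.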

We show that our plugin can be successfully deployed on the Linux kernel, yielding the expected elimination of predictable register usage on function invocation in the generated binary, as long as the respective function has enough parameters. Additionally, we evaluate the results with regard to Katana's derandomization strategy and demonstrate that enabling randfun in addition to structure layout randomization significantly reduces Katana's attack surface, although we outline further improvements with regard to handling functions with few arguments and to our function selection technique.