Attack Mitigation by Data Structure Randomization

  • Zhongtian ChenEmail author
  • Hao Han
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10128)


Address Space Layout Randomization (ASLR) and Control Flow Integrity (CFI) have been regarded as the most effective defenses against control flow hijacking attacks. However, researchers have recently shown that data-oriented attacks can circumvent both ASLR and CFI, and are even Turing-complete. These attacks often leverage encapsulated data structures to achieve malicious behaviors. To defeat data structure oriented attacks (DSOA), we propose data structure layout randomization techniques. Our method not only randomizes the data structure layout at compile time, but also inserts the padding bytes to increase entropy. Experimental results show that our method can defeat DSOA with low performance overhead (2.1% on average).


Randomization Algorithm Performance Overhead Data Flow Graph Base Address Buffer Overflow Vulnerability 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
  2. 2.
  3. 3.
    Abadi, M., Budiu, M., Erlingsson, U., Ligatti, J.: Control-flow integrity. In: ACM Conference on Computer and Communications Security (CCS 2005) (2005)Google Scholar
  4. 4.
    Backes, M., Holz, T., Kollenda, B., Koppe, P., Nürnberger, S., Pewny, J.: You can run but you can’t read: preventing disclosure exploits in executable code. In: ACM SIGSAC Conference on Computer and Communications Security (CCS 2014) (2014)Google Scholar
  5. 5.
    Backes, M., Nürnberger, S.: Oxymoron: making fine-grained memory randomization practical by allowing code sharing. In: USENIX Security Symposium (Security 2014) (2014)Google Scholar
  6. 6.
    Bhatkar, E., Duvarney, D.C., Sekar, R.: Address obfuscation: an efficient approach to combat a broad range of memory error exploits. In: Proceedings of the 12th USENIX Security Symposium, pp. 105–120 (2003)Google Scholar
  7. 7.
    Bhatkar, S., Sekar, R.: Data space randomization. In: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2008) (2008)Google Scholar
  8. 8.
    Bhatkar, S., Sekar, R., DuVarney, D.C.: Efficient techniques for comprehensive protection from memory error exploits. In: Proceedings of the 14th Conference on USENIX Security Symposium, Berkeley, CA, USA, vol. 14, p. 17 (2005)Google Scholar
  9. 9.
    Castro, M., Costa, M., Harris, T.: Securing software by enforcing data-flow integrity. In: Proceedings of the 7th Symposium on Operating Systems Design and Implementation (OSDI 2006) (2006)Google Scholar
  10. 10.
    Davi, L., Dmitrienko, A., Egele, M., Fischer, T., Holz, T., Hund, R., Nrnberger, S., Sadeghi, A.-R.: Mocfi: a framework to mitigate control-flow attacks on smartphones. In: Annual Network and Distributed System Security Symposium (NDSS 2012) (2012)Google Scholar
  11. 11.
    Hu, H., Chua, Z. L., Adrian, S., Saxena, P., Liang, Z.: Automatic generation of data-oriented exploits. In: Proceedings of the 24th USENIX Security Symposium (Security 2015) (2015)Google Scholar
  12. 12.
    Hu, H., Shinde, S., Adrian, S., Chua, Z.L., Saxena, P., Liang, Z.: Data-oriented programming: on the expressiveness of non-control data attacks. In: IEEE Symposium on Security and Privacy (Oakland 2016) (2016)Google Scholar
  13. 13.
    Jim, T., Morrisett, J.G., Grossman, D., Hicks, M.W., Cheney, J., Wang, Y.: Cyclone: a safe dialect of C. In: General Track of the Annual Conference on USENIX Annual Technical Conference, ATEC 2002 (2002)Google Scholar
  14. 14.
    Nagarakatte, S., Zhao, J., Martin, M.M., Zdancewic, S.: Softbound: highly compatible and complete spatial memory safety for C. In: Proceedings of the 30th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2009) (2009)Google Scholar
  15. 15.
    Necula, G.C., McPeak, S., Weimer, W.: CCured: type-safe retrofitting of legacy code. In: 29th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2002) (2002)Google Scholar
  16. 16.
    Pax Team: Pax address space layout randomization (aslr).
  17. 17.
    Wang, Z., Jiang, X.: Hypersafe: a lightweight approach to provide lifetime hypervisor control-flow integrity. In: IEEE Symposium on Security and Privacy (Oakland 2010) (2010)Google Scholar
  18. 18.
    Zhang, C., Wei, T., Chen, Z., Duan, L., McCamant, S., Szekeres, L., Song, D., Zou, W.: Practical control flow integrity and randomization for binary executables. In: IEEE Symposium on Security and Privacy (Oakland 2013) (2013)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.University High School of IndianaCarmelUSA
  2. 2.EMCWenzhouChina

Personalised recommendations