Android Security Symposium 2015

Exploit mitigation at the native level for RISC-based devices

About the speaker

Matthias Neugschwandtner

IBM Research, Zurich, Switzerland
Matthias Neugschwandtner is a system security researcher working in the Cloud and Storage Security Group at IBM Research, Zurich. The main focus of his research is low-level system security, which encompasses program analysis, vulnerability detection and system hardening. During his academic career, he worked at the Vienna University of Technology, Vrije Universiteit Amsterdam and Northeastern University in Boston.

Abstract

We present a novel approach for exploit mitigation that is specifically tailored towards embedded systems that are based on the common RISC architecture. We leverage architectural features of RISC CPUs to extract a combination of static and dynamic properties relevant to OS service requests from executables, and enforce them during runtime. Our technique borrows ideas from several areas including control flow integrity, system call monitoring, static analysis, and code emulation, and combines them in a low-overhead fashion directly in the operating system kernel. We implemented our approach for the Linux operating system. Our system is very practical, and restricts the ability of attackers to exploit generic memory corruption vulnerabilities in COTS binaries. In contrast to other approaches, we do not require access to source code, binary modification, or application-specific configuration such as policies. Our evaluation demonstrates that our approach incurs a very low overhead - only 2% - and shows that our approach is practical against both code injection and code reuse attacks.

Slides

Get the slides here.

Video