Skip to main content
USENIX
  • Conferences
  • Students
Sign in
  • Overview
  • Symposium Organizers
  • At a Glance
  • Registration Information
    • Registration Discounts
    • Venue, Hotel, and Travel
  • Technical Sessions
  • Co-Located Workshops
  • Accepted Posters
  • Activities
    • Birds-of-a-Feather Sessions
    • Work-in-Progress Reports
  • Sponsorship
  • Students and Grants
  • Services
  • Questions?
  • Help Promote!
  • Flyer PDF
  • For Participants
  • Call for Papers
  • Past Symposia

sponsors

Gold Sponsor
Gold Sponsor
Gold Sponsor
Silver Sponsor
Bronze Sponsor
Bronze Sponsor
Bronze Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Industry Partner

twitter

Tweets by USENIXSecurity

usenix conference policies

  • Event Code of Conduct
  • Conference Network Policy
  • Statement on Environmental Responsibility Policy

You are here

Home » Oxymoron: Making Fine-Grained Memory Randomization Practical by Allowing Code Sharing
Tweet

connect with us

http://twitter.com/usenixsecurity
https://www.facebook.com/usenixassociation
http://www.linkedin.com/groups/USENIX-Association-49559/about
https://plus.google.com/108588319090208187909/posts
http://www.youtube.com/user/USENIXAssociation

Oxymoron: Making Fine-Grained Memory Randomization Practical by Allowing Code Sharing

Friday, August 1, 2014 - 10:00am
Authors: 

Michael Backes, Saarland University and Max Planck Institute for Software Systems (MPI-SWS); Stefan Nürnberger, Saarland University

Abstract: 

The latest effective defense against code reuse attacks is fine-grained, per-process memory randomization. However, such process randomization prevents code sharing since there is no longer any identical code to share between processes. Without shared libraries, however, tremendous memory savings are forfeit. This drawback may hinder the adoption of fine-grained memory randomization.

We present Oxymoron, a secure fine-grained memory randomization technique on a per-process level that does not interfere with code sharing. Executables and libraries built with Oxymoron feature ‘memory-layout-agnostic code’, which runs on a commodity Linux. Our theoretical and practical evaluations show that Oxymoron is the first solution to be secure against just-in-time code reuse attacks and demonstrate that fine-grained memory randomization is feasible without forfeiting the enormous memory savings of shared libraries.

Michael Backes, Saarland University and Max Planck Institute for Software Systems (MPI-SWS)

Stefan Nürnberger, Saarland University

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {184465,
author = {Michael Backes and Stefan N{\"u}rnberger},
title = {Oxymoron: Making {Fine-Grained} Memory Randomization Practical by Allowing Code Sharing},
booktitle = {23rd USENIX Security Symposium (USENIX Security 14)},
year = {2014},
isbn = {978-1-931971-15-7},
address = {San Diego, CA},
pages = {433--447},
url = {https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/backes},
publisher = {USENIX Association},
month = aug,
}
Download
Backes PDF
View the slides

Presentation Video 

Presentation Audio

MP3 Download

Download Audio

  • Log in or    Register to post comments

Gold Sponsors

Silver Sponsors

Bronze Sponsors

Media Sponsors & Industry Partners

© USENIX

  • Privacy Policy
  • Contact Us