Improvement of Runtime Intrusion Prevention Evaluator (RIPE)

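  • 이현규 (Department of Computer Engineering, Hongik University) ;
  • 이담호 (Department of Computer Engineering, Hongik University) ;
  • 김태환 (Department of Computer Engineering, Hongik University) ;
  • 조동황 (Department of Computer Engineering, Hongik University) ;
  • 이상훈 (Defense Cyber Technology Center, 2nd Technology Research Division, Agency for Defense Development) ;
  • 김훈규 (Defense Cyber Technology Center, 2nd Technology Research Division, Agency for Defense Development) ;
  • 표창우 (Department of Computer Engineering, Hongik University)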
  • Received : 2015.02.13
  • Accepted : 2015.06.10
  • Published : 2015.08.15

Abstract

Runtime Intrusion Prevention Evaluator (RIPE), published in 2011, is a benchmark suite for evaluating mitigation techniques against 850 attack patterns, all of which use buffer overflows. Because RIPE is built as a single process, its defense and attack routines necessarily share process state and address space layout when RIPE is run. As a result, attack routines can access the memory of the defense routines without restriction. We separate RIPE into two independent processes, one for defense and one for attack, so that mitigations that rely on confidentiality, such as address space layout randomization, are properly evaluated. In addition, we add an execution mode that tests robustness against brute-force attacks. Finally, we extend RIPE with 38 additional attack forms that perform format string attacks and virtual table (vtable) hijacking attacks. The revised RIPE contributes to the diversification of attack patterns and to more precise evaluation of the effectiveness of mitigations.
