Preshuf: Pre-shuffling binaries in secure hardware

School of Science | Master's thesis

Language

en

Pages

92

Abstract

Fine-grained code randomization is an effective countermeasure to code-reuse attacks, but its practical deployment is hindered by the high performance overhead of the randomization itself. This thesis presents Preshuf, an architecture that mitigates this performance-security trade-off by separating the computationally costly randomization from the application's startup sequence. Preshuf implements an asynchronous model in which a background daemon uses a hardware-isolated Trusted Execution Environment on ARM64 to continuously pre-shuffle binaries at function granularity and encrypt them with AEAD cryptography. At runtime, a lightweight preloader only performs a fast, authenticated decryption before executing the program, thereby shifting the load-time overhead from the permutation logic to a much cheaper set of cryptographic operations. The system was implemented and evaluated on both emulated and physical platforms, using QEMU and a Raspberry Pi 3. The results show that this approach introduces a minimal load-time latency that, for larger binaries on representative hardware, can be less than a fourth of the overhead of the randomization itself. Additionally, the ongoing re-randomization produces a "refreshing defense" that makes leaked runtime information ephemeral, forcing an attacker into just-in-time exploit development within a bounded time window. The work shows that the asynchronous pre-shuffling model makes high-entropy moving-target defenses more practical without compromising security for performance.

Supervisor

Gunn, Lachlan

Thesis advisor

Niemi, Arto
