Preshuf: Pre-shuffling binaries in secure hardware

dc.contributor: Aalto-yliopisto [fi]
dc.contributor: Aalto University [en]
dc.contributor.advisor: Niemi, Arto
dc.contributor.author: Balint, Armand
dc.contributor.school: Perustieteiden korkeakoulu [fi]
dc.contributor.school: School of Science [en]
dc.contributor.supervisor: Gunn, Lachlan
dc.date.accessioned: 2025-12-17T18:05:13Z
dc.date.available: 2025-12-17T18:05:13Z
dc.date.issued: 2025-11-24
dc.description.abstract: Fine-grained randomization of code is an effective countermeasure to code-reuse attacks, but its practical deployment is hindered by the high performance overhead of the randomization itself. This thesis presents Preshuf, an architecture that aims to mitigate this performance-security trade-off by separating the computationally costly randomization from the startup sequence of the application. Preshuf implements an asynchronous model in which a background daemon uses a hardware-isolated Trusted Execution Environment on ARM64 to continuously pre-shuffle binaries at function granularity and encrypt them using AEAD cryptography. At runtime, a lightweight preloader only performs a fast and secure decryption before executing the program, thereby shifting the overhead from the permutation logic to a much more lightweight set of cryptographic operations. The system was implemented and evaluated on both emulated and physical platforms, through QEMU and a Raspberry Pi 3. The results demonstrate that this approach introduces a minimal load-time latency that can be less than a fourth of the required overhead for the randomization itself for larger binaries on representative hardware. Additionally, the ongoing re-randomization produces a "refreshing defense" that makes leaked runtime information ephemeral, thereby forcing the attacker into Just-In-Time exploit development within a set time window. The work shows that the asynchronous pre-shuffling model makes high-entropy moving target defenses more practical without compromising security for performance. [en]
dc.format.extent: 92
dc.format.mimetype: application/pdf [en]
dc.identifier.uri: https://aaltodoc.aalto.fi/handle/123456789/141283
dc.identifier.urn: URN:NBN:fi:aalto-202512179392
dc.language.iso: en [en]
dc.programme: Master's Programme in Computer, Communication and Information Sciences [en]
dc.programme: Master's Programme in Computer, Communication and Information Sciences [fi]
dc.programme: Master's Programme in Computer, Communication and Information Sciences [sv]
dc.programme.major: Computer Science [en]
dc.subject.keyword: ASLR [en]
dc.subject.keyword: OS hardening [en]
dc.subject.keyword: memory protection [en]
dc.subject.keyword: TEE [en]
dc.subject.keyword: cryptography [en]
dc.subject.keyword: preloaders [en]
dc.title: Preshuf: Pre-shuffling binaries in secure hardware [en]
dc.type: G2 Pro gradu, diplomityö [fi]
dc.type.ontasot: Master's thesis [en]
dc.type.ontasot: Diplomityö [fi]
local.aalto.electroniconly: yes
local.aalto.openaccess: yes

Files

Original bundle

Name: master_Balint_Armand_2025.pdf
Size: 3.03 MB
Format: Adobe Portable Document Format