Oxymoron - Making Fine-Grained Memory Randomization Practical by Allowing Code Sharing

Michael Backes; Stefan Nürnberger

In: Proceedings of the 23rd USENIX Security Symposium. USENIX Security Symposium (USENIX-2014), August 20-22, San Diego, CA, USA, ISBN 978-1-931971-15-7, USENIX Association, 2014.


The latest effective defense against code reuse attacks is fine-grained, per-process memory randomization. However, such process randomization prevents code sharing since there is no longer any identical code to share between processes. Without shared libraries, however, tremendous memory savings are forfeit. This drawback may hinder the adoption of fine-grained memory randomization. We present Oxymoron, a secure fine-grained memory randomization technique on a per-process level that does not interfere with code sharing. Executables and libraries built with Oxymoron feature memory-layout-agnostic code, which runs on a commodity Linux. Our theoretical and practical evaluations show that Oxymoron is the first solution to be secure against just-in-time code reuse attacks and demonstrate that fine-grained memory randomization is feasible without forfeiting the enormous memory savings of shared libraries.

nuernberger2014usenix_oxymoron.pdf (pdf, 1 MB )

Deutsches Forschungszentrum für Künstliche Intelligenz
German Research Center for Artificial Intelligence