Bertrand Anckaert, Mariusz H. Jakubowski, Ramarathnam Venkatesan, and Nick Saw
8 January 2009
Software running on an open architecture, such as the PC, is vulnerable to inspection and modification. This is a concern, as software may consist of or provide access to valuable information. As a result, several defenses against program understanding and modification have been proposed in literature. The approach discussed in this paper complements existing work and focuses on hiding the actual location of data throughout the execution of the program. To achieve this, we combine three techniques: (i) periodic reordering of the heap, (ii) migrating local variables from the stack to the heap and (iii) pointer scrambling. The techniques serve to complicate static data flow analysis and dynamic data tracking.
Our prototype implementation compiles C programs into a binary for which every access to the heap is redirected through a memory management unit. In order to protect traditionally stack-based variables as well, a mechanism is provided to migrate them to the heap and to adapt all accesses to those variables. Finally, an option is provided to enable pointer scrambling. If this is turned on, the program can no longer operate directly on the pointers; therefore, pointer arithmetic is intercepted as well.
Experimental evaluation on benchmarks from the SPEC CPU2006 benchmark suite illustrates the type of trade-off that needs to be made for this type of protection. Balance must be struck between comprehensive protection and cost in terms of execution time and (to a lesser extent) static and dynamic memory footprint.