Address Space Layout Randomization (ASLR) was a great role model being a light-weight defense technique that could prevent early return-oriented programming attacks. Simple yet effective, ASLR was quickly widely-adopted. Conversely, today only a trickle of defense techniques are being integrated or adopted mainstream. As code reuse attacks have evolved, defenses have strived to keep up. To do so, many have had to take unfavorable tradeoffs like using background threads or protecting only a subset of sensitive code. In reality, these tradeoffs were unavoidable steps necessary to improve the strength of the state-of-the-art. We present Goose, an on-demand system-wide runtime re-randomization technique capable of scalable protection of application as well as shared library code most defenses have forgone. We achieve code sharing with diversification by implementing reactive and scalable, rather than continuous or one-time diversification. Enabling code sharing further removes redundant computation like tracking, patching, along with memory overheads required by prior randomization techniques. In its baseline state, the code transformations needed for Goose security hardening incur a reasonable performance overhead of 5.5% on SPEC and minimal degradation of 4.4% in NGINX, demonstrating its applicability to both compute-intensive and scalable real-world applications. Even when under attack, Goose only adds from less than 1% up to 15% depending on application complexity.
Security Hardening of Industrial IoT Systems
