Retrofitting XoM for Stripped Binaries without Embedded Data Relocation

TL;DR

This paper introduces PXoM, a practical method for enhancing stripped binaries on x86-64 by using fine-grained memory permissions with Intel's hardware features, avoiding complex data relocation.

Contribution

PXoM provides a novel fine-grained permission control mechanism for stripped binaries, eliminating the need for embedded data relocation and improving security.

Findings

Negligible runtime overhead in benchmarks

Effective restriction of code read permissions

Enhanced security against gadget harvesting

Abstract

In this paper, we present PXoM, a practical technique to seamlessly retrofit XoM into stripped binaries on the x86-64 platform. As handling the mixture of code and data is a well-known challenge for XoM, most existing methods require the strict separation of code and data areas via either compile-time transformation or binary patching, so that the unreadable permission can be safely enforced at the granularity of memory pages. In contrast to previous approaches, we provide a fine-grained memory permission control mechanism to restrict the read permission of code while allowing legitimate data reads within code pages. This novelty enables PXoM to harden stripped binaries but without resorting to error-prone embedded data relocation. We leverage Intel's hardware feature, Memory Protection Keys, to offer an efficient fine-grained permission control. We measure PXoM's performance with both micro- and macro-benchmarks, and it only introduces negligible runtime overhead. Our security evaluation shows that PXoM leaves adversaries with little wiggle room to harvest all of the required gadgets, suggesting PXoM is practical for real-world deployment.