Blender: Self-randomizing Address Space Layout for Android Apps

RESEARCH IN ATTACKS, INTRUSIONS, AND DEFENSES, RAID 2016 (2016)

Abstract
In this paper, we first demonstrate that the newly introduced Android RunTime (ART) in the latest Android versions (Android 5.0 or above) exposes a new attack surface, namely, the “return-to-art” (ret2art) attack. Unlike traditional return-to-library attacks, the ret2art attack abuses Android framework APIs (e.g., the API to send SMS) as payloads to conveniently perform malicious operations. This new attack surface, along with the weakened ASLR implementation in the Android system, makes successful exploitation of vulnerable apps much easier. To mitigate this threat and provide self-protection for Android apps, we propose a user-level solution called Blender, which is able to self-randomize the address space layout for apps. Specifically, for an app using our system, Blender randomly rearranges loaded libraries and Android runtime executable code in the app’s process, achieving much higher memory entropy compared with the vanilla app. Blender requires no changes to the Android framework or the underlying Linux kernel, and is thus a non-invasive and easy-to-deploy solution. Our evaluation shows that Blender incurs only around a 6 MB increase in memory footprint for an app using our system, and does not affect other apps that do not use it. It adds 0.3 s to app startup delay and imposes negligible CPU and battery overheads.
Keywords
Android, ROP, ASLR, Blender