ROP Defense in the Cloud through LIve Text Page-level Re-ordering

As cloud computing environments move towards securing against simplistic threats, adversaries are moving towards more sophisticated attacks such as ROP (Return Oriented Programming). In this paper we propose the LIve Text Page-level Re-ordering (LITPR) system for prevention of ROP style attacks and in particular the largely unaddressed Blind ROP attacks on applications running on cloud servers. ROP and BROP, respectively, bypass protections such as DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) that are offered by the Linux operating system and can be used to perform arbitrary malicious actions against it. LITPR periodically randomizes the in-memory locations of application and kernel code, at run time, to ensure that both ROP and BROP style attacks are unable to succeed. This is a dramatic change relative to ASLR which is a load time randomization technique.