Shapeshifter: Intelligence-driven data plane randomization resilient to data-oriented programming attacks

Computers & Security (2020)

Citations: 7 | Views: 159
Abstract
Non-control data attacks are an increasingly serious threat to cyber security. Specifically, data-oriented programming (DOP) attacks manipulate non-control data in the target program to achieve malicious goals without violating control-flow integrity (CFI). Pioneering research has shown that such attacks can be as powerful and effective as control-flow attacks. However, these threats have not been adequately addressed, because most previous defence mechanisms focus on preventing control-flow attacks. To this end, we propose Shapeshifter, an intelligence-driven data plane randomization technique that is resilient to non-control data attacks. We define and identify the security-critical data objects that need to be randomized through strategic behaviour analysis of DOP attacks. Driven by the threat intelligence gathered from DOP attacks, we construct a reasonable whitelist for randomization and design a runtime randomization strategy. Shapeshifter adaptively randomizes the memory representation of both the data structure instances and the variables on the whitelist at runtime, thereby dynamically changing the attack surface and increasing the difficulty of launching DOP attacks. We implement Shapeshifter on top of the LLVM compiler and evaluate it. The evaluation results show that Shapeshifter is effective at mitigating non-control data attacks, with an average runtime overhead of 20.1%.
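As an added illustration of the idea behind data plane randomization (this is not Shapeshifter's code; the paper's LLVM-based implementation is not shown on this page), the following C program stores the fields of a whitelisted record in a per-instance randomized slot order. The record type, field names, the xorshift32 generator and the "fixed-offset write" used to model a non-control data corruption are all assumptions made for the demonstration. Legitimate code reaches fields through accessors that consult the instance's layout map, while a corruption that assumes the unrandomized layout lands on a different field depending on the instance.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical illustration of data plane randomization; not Shapeshifter's
 * own code. A record's security-critical fields live in slots whose order
 * is chosen per instance, so a write aimed at a fixed offset no longer
 * reliably reaches the field it was meant for. */
#define NFIELDS 3
enum field { F_UID = 0, F_AUTHENTICATED = 1, F_COUNTER = 2 };

typedef struct {
    uint8_t  layout[NFIELDS]; /* logical field -> physical slot index */
    uint32_t slots[NFIELDS];  /* physical storage, order randomized */
} record_t;

/* xorshift32: deterministic so the demo is reproducible; a deployment
 * would draw layout entropy from a CSPRNG instead. */
static uint32_t rng_state = 1u;
static uint32_t next_rand(void) {
    uint32_t x = rng_state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    rng_state = x;
    return x;
}

/* Assign fields to slots: identity when randomize == 0, otherwise a
 * Fisher-Yates permutation seeded per instance. */
void init_layout(record_t *r, uint32_t seed, int randomize) {
    for (size_t i = 0; i < NFIELDS; i++) {
        r->layout[i] = (uint8_t)i;
        r->slots[i] = 0;
    }
    if (!randomize) return;
    rng_state = seed ? seed : 1u;
    for (size_t i = NFIELDS - 1; i > 0; i--) {
        size_t j = next_rand() % (i + 1);
        uint8_t tmp = r->layout[i];
        r->layout[i] = r->layout[j];
        r->layout[j] = tmp;
    }
}

/* Legitimate accessors always go through the per-instance layout map. */
void record_set(record_t *r, enum field f, uint32_t v) { r->slots[r->layout[f]] = v; }
uint32_t record_get(const record_t *r, enum field f) { return r->slots[r->layout[f]]; }

/* Sanity check: every logical field maps to exactly one slot. */
int layout_is_permutation(const record_t *r) {
    int seen[NFIELDS] = {0};
    for (size_t i = 0; i < NFIELDS; i++) {
        if (r->layout[i] >= NFIELDS || seen[r->layout[i]]) return 0;
        seen[r->layout[i]] = 1;
    }
    return 1;
}

/* Returns 1 if, for a randomized instance, all fields round-trip through
 * the accessors and the layout is a valid permutation. */
int roundtrip_ok(uint32_t seed) {
    record_t r;
    init_layout(&r, seed, 1);
    record_set(&r, F_UID, 42);
    record_set(&r, F_AUTHENTICATED, 0);
    record_set(&r, F_COUNTER, 99);
    return layout_is_permutation(&r) && record_get(&r, F_UID) == 42 &&
           record_get(&r, F_AUTHENTICATED) == 0 && record_get(&r, F_COUNTER) == 99;
}

/* Models a non-control data corruption that assumes the unrandomized layout,
 * in which slot 1 held the 'authenticated' flag. Counts in how many of
 * `trials` instances the write actually sets that flag. */
int count_flag_corruptions(int trials, int randomize) {
    int hits = 0;
    for (int t = 0; t < trials; t++) {
        record_t r;
        init_layout(&r, 1000u + (uint32_t)t, randomize);
        record_set(&r, F_UID, 42);
        record_set(&r, F_AUTHENTICATED, 0);
        record_set(&r, F_COUNTER, 7);
        r.slots[1] = 1; /* fixed-offset write that bypasses the accessors */
        if (record_get(&r, F_AUTHENTICATED) == 1) hits++;
    }
    return hits;
}

int main(void) {
    int trials = 300;
    printf("fixed layout:      %d/%d writes set the flag\n",
           count_flag_corruptions(trials, 0), trials);
    printf("randomized layout: %d/%d writes set the flag\n",
           count_flag_corruptions(trials, 1), trials);
    return 0;
}
```

With the identity layout every write flips the flag; with per-instance randomization only the instances whose layout happens to place the flag in slot 1 are affected, which is the reliability loss the abstract describes as "dynamically changing the attack surface". The runtime cost shown here is the extra indirection in every field access, which is the kind of overhead the paper's 20.1% figure accounts for.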
Keywords
Non-control data attacks, Threat intelligence, Data plane randomization, DOP, Shapeshifter