Data Science Day @ Columbia University

Many programs are vulnerable to code-reuse attacks, where their own code is stitched together to form a malicious exploit (known as Return-Oriented Programming or ROP). Recently, Just-In-Time ROP attacks have been described which dynamically discover a target program's code, so even if it is randomized differently every time it runs, ROP can still be performed. We present Shuffler, the first comprehensive re-randomization technique that continuously changes the layout of code in memory as it runs. This process is self-hosting, and the code which implements the migration is itself re-randomized. Shuffler defines a time window -- as short as 100ms -- within which a ROP attacker must gather information, compile, and execute their exploit. This extra time dimension will confound most existing attacks.