Exploiting Metaobjects to Reinforce Data Leakage Attacks

Hoyong Jeong; Hodong Kim; Junbeom Hur

doi:10.1145/3545948.3545965

Exploiting Metaobjects to Reinforce Data Leakage Attacks

Hoyong Jeong
, Hodong Kim
, Junbeom Hur

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Reflective features in modern programming languages allow programs to introspect and modify their own structures and behavior during runtime. As these self-referential capabilities are frequently adopted in practice, security of the reflective systems becomes crucial. In this paper, we explore an adversary against reflective systems with access to a data leakage channel, which has previously been considered impractical to pose a realistic threat. In particular, we show that a crucial component of reflection, referred to as metaobjects, can be exploited to reinforce these data leakage channels. We introduce a novel attack strategy that exploits certain metaobjects as in-memory gadgets to leak data in a selective and target-oriented manner, consequentially eliminating the unnecessary sampling procedures inevitable in naive data leakage attacks. Such approach significantly optimizes the data space subject to extraction, elevating the practicality of the underlying data leakage channel. As an instantiation of our strategy, we propose and demonstrate SMDL, a framework that exploits reflection to reinforce Meltdown-type attacks to steal valuable data from the victim's memory. To demonstrate the efficacy of our attack, we implement SMDL against two different target applications, cryptographic library and deep learning service, and show that the secret key and neural network can be extracted with high accuracy and efficiency. Finally, we suggest metaobject obfuscation techniques to mitigate such exploitation.

Original language	English
Title of host publication	Proceedings of 25th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2022
Publisher	Association for Computing Machinery
Pages	17-29
Number of pages	13
ISBN (Electronic)	9781450397049
DOIs	https://doi.org/10.1145/3545948.3545965
Publication status	Published - 2022 Oct 26
Event	25th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2022 - Limassol, Cyprus Duration: 2022 Oct 26 → 2022 Oct 28

Publication series

Name	ACM International Conference Proceeding Series

Conference

Conference	25th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2022
Country/Territory	Cyprus
City	Limassol
Period	22/10/26 → 22/10/28

Bibliographical note

Publisher Copyright:
© 2022 ACM.

Keywords

meltdown
memory disclosure
reflective programming

ASJC Scopus subject areas

Software
Human-Computer Interaction
Computer Vision and Pattern Recognition
Computer Networks and Communications

Access to Document

10.1145/3545948.3545965

Cite this

Exploiting Metaobjects to Reinforce Data Leakage Attacks. / Jeong, Hoyong; Kim, Hodong; Hur, Junbeom.
Proceedings of 25th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2022. Association for Computing Machinery, 2022. p. 17-29 (ACM International Conference Proceeding Series).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Jeong, H, Kim, H & Hur, J 2022, Exploiting Metaobjects to Reinforce Data Leakage Attacks. in Proceedings of 25th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2022. ACM International Conference Proceeding Series, Association for Computing Machinery, pp. 17-29, 25th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2022, Limassol, Cyprus, 22/10/26. https://doi.org/10.1145/3545948.3545965

@inproceedings{e7b06804dadb48d4b2e774710346e681,

title = "Exploiting Metaobjects to Reinforce Data Leakage Attacks",

abstract = "Reflective features in modern programming languages allow programs to introspect and modify their own structures and behavior during runtime. As these self-referential capabilities are frequently adopted in practice, security of the reflective systems becomes crucial. In this paper, we explore an adversary against reflective systems with access to a data leakage channel, which has previously been considered impractical to pose a realistic threat. In particular, we show that a crucial component of reflection, referred to as metaobjects, can be exploited to reinforce these data leakage channels. We introduce a novel attack strategy that exploits certain metaobjects as in-memory gadgets to leak data in a selective and target-oriented manner, consequentially eliminating the unnecessary sampling procedures inevitable in naive data leakage attacks. Such approach significantly optimizes the data space subject to extraction, elevating the practicality of the underlying data leakage channel. As an instantiation of our strategy, we propose and demonstrate SMDL, a framework that exploits reflection to reinforce Meltdown-type attacks to steal valuable data from the victim's memory. To demonstrate the efficacy of our attack, we implement SMDL against two different target applications, cryptographic library and deep learning service, and show that the secret key and neural network can be extracted with high accuracy and efficiency. Finally, we suggest metaobject obfuscation techniques to mitigate such exploitation.",

keywords = "meltdown, memory disclosure, reflective programming",

author = "Hoyong Jeong and Hodong Kim and Junbeom Hur",

note = "Publisher Copyright: {\textcopyright} 2022 ACM.; 25th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2022 ; Conference date: 26-10-2022 Through 28-10-2022",

year = "2022",

month = oct,

day = "26",

doi = "10.1145/3545948.3545965",

language = "English",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery",

pages = "17--29",

booktitle = "Proceedings of 25th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2022",

}

TY - GEN

T1 - Exploiting Metaobjects to Reinforce Data Leakage Attacks

AU - Jeong, Hoyong

AU - Kim, Hodong

AU - Hur, Junbeom

PY - 2022/10/26

Y1 - 2022/10/26

N2 - Reflective features in modern programming languages allow programs to introspect and modify their own structures and behavior during runtime. As these self-referential capabilities are frequently adopted in practice, security of the reflective systems becomes crucial. In this paper, we explore an adversary against reflective systems with access to a data leakage channel, which has previously been considered impractical to pose a realistic threat. In particular, we show that a crucial component of reflection, referred to as metaobjects, can be exploited to reinforce these data leakage channels. We introduce a novel attack strategy that exploits certain metaobjects as in-memory gadgets to leak data in a selective and target-oriented manner, consequentially eliminating the unnecessary sampling procedures inevitable in naive data leakage attacks. Such approach significantly optimizes the data space subject to extraction, elevating the practicality of the underlying data leakage channel. As an instantiation of our strategy, we propose and demonstrate SMDL, a framework that exploits reflection to reinforce Meltdown-type attacks to steal valuable data from the victim's memory. To demonstrate the efficacy of our attack, we implement SMDL against two different target applications, cryptographic library and deep learning service, and show that the secret key and neural network can be extracted with high accuracy and efficiency. Finally, we suggest metaobject obfuscation techniques to mitigate such exploitation.

AB - Reflective features in modern programming languages allow programs to introspect and modify their own structures and behavior during runtime. As these self-referential capabilities are frequently adopted in practice, security of the reflective systems becomes crucial. In this paper, we explore an adversary against reflective systems with access to a data leakage channel, which has previously been considered impractical to pose a realistic threat. In particular, we show that a crucial component of reflection, referred to as metaobjects, can be exploited to reinforce these data leakage channels. We introduce a novel attack strategy that exploits certain metaobjects as in-memory gadgets to leak data in a selective and target-oriented manner, consequentially eliminating the unnecessary sampling procedures inevitable in naive data leakage attacks. Such approach significantly optimizes the data space subject to extraction, elevating the practicality of the underlying data leakage channel. As an instantiation of our strategy, we propose and demonstrate SMDL, a framework that exploits reflection to reinforce Meltdown-type attacks to steal valuable data from the victim's memory. To demonstrate the efficacy of our attack, we implement SMDL against two different target applications, cryptographic library and deep learning service, and show that the secret key and neural network can be extracted with high accuracy and efficiency. Finally, we suggest metaobject obfuscation techniques to mitigate such exploitation.

KW - meltdown

KW - memory disclosure

KW - reflective programming

UR - https://www.scopus.com/pages/publications/85142480373

U2 - 10.1145/3545948.3545965

DO - 10.1145/3545948.3545965

M3 - Conference contribution

AN - SCOPUS:85142480373

T3 - ACM International Conference Proceeding Series

SP - 17

EP - 29

BT - Proceedings of 25th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2022

PB - Association for Computing Machinery

T2 - 25th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2022

Y2 - 26 October 2022 through 28 October 2022

ER -

Exploiting Metaobjects to Reinforce Data Leakage Attacks

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this