Evaluating the theoretical feasibility of an SROP attack against Oxymoron

Many of the defenses proposed to defend against exploitation of memory corruption vulnerabilities rely on the randomization of addresses in the process space of a binary. Oxymoron is an exploit mitigation mechanism for x86 processors that relies on reorganizing the instructions in an Executable and Linkable Format(ELF) file to enable randomization at a page level. Sigreturn Oriented Programming(SROP) is an exploitation mechanism that requires very few gadgets. It has been shown that either these gadgets are available at constant addresses for a given kernel version or can be leaked. In this paper, we evaluate the theoretical feasibility of an SROP attack against an Oxymoron protected binary and determine the preconditions necessary to make such an attack possible. As an aid to writing such exploits, we also implement libsrop, a library that generates customizable SROP payloads for x86 and x86-64.