Journal of Software:2019.30(9):2772-2790

(解放军信息工程大学, 河南 郑州 450001;数学工程与先进计算国家重点实验室, 河南 郑州 450001)
Defensing Code Reuse Attacks Using Live Code Randomization
ZHANG Gui-Min,LI Qing-Bao,ZENG Guang-Yu,ZHAO Yu-Tao
(PLA Information Engineering University, Zhengzhou 450001, China;State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China)
Chart / table
Similar Articles
Article :Browse 247   Download 227
Received:September 14, 2016    Revised:June 06, 2017
> 中文摘要: 代码复用攻击日趋复杂,传统的代码随机化方法已无法提供足够的防护.为此,提出一种基于运行时代码随机化的代码复用攻击防御方法LCR.该方法在目标程序正常运行时,实时监控攻击者企图获取或利用gadgets的行为,当发现监控的行为发生时,立即触发对代码进行函数块级的随机化变换,使攻击者最终获取或利用的gadgets信息失效,从而阻止代码复用攻击的实现.设计实现了LCR原型系统,并对提出的方法进行了测试.结果表明:LCR能够有效防御基于直接或间接内存泄漏等实现的代码复用攻击,且在SPEC CPU2006上的平均开销低于5%.
Abstract:As code reuse attacks (CRA) are becoming increasingly complex, legacy code randomization methods have been unable to provide adequate protection. An approach called LCR is present to defense CRA by living code randomization. LCR real-time monitors all suspicious operations which aim to find or utilize gadgets. When above events occur, LCR randomizes the function blocks of the target process in the memory so that gadgets' information known by attackers become invalid and attacks composed of these gadgets will fail. Finally, a prototype system of LCR is implemented to test the proposed method. Experiment results show that LCR can effectively defense CRAs based on direct or indirect memory disclosure, meanwhile introduces low run-time performance overhead on SPEC CPU2006 with less than 5% on average.
文章编号:     中图分类号:TP309    文献标志码:
基金项目:国家社会科学基金(15AJG012);国家“核高基”科技重大专项(2013JH00103) 国家社会科学基金(15AJG012);国家“核高基”科技重大专项(2013JH00103)
Foundation items:National Social Science Foundation of China (15AJG012); National Science and Technology Major Project of China (2013JH00103)
Reference text:


ZHANG Gui-Min,LI Qing-Bao,ZENG Guang-Yu,ZHAO Yu-Tao.Defensing Code Reuse Attacks Using Live Code Randomization.Journal of Software,2019,30(9):2772-2790