首页 | 本学科首页   官方微博 | 高级检索  
     

运行时代码随机化防御代码复用攻击
引用本文:张贵民,李清宝,曾光裕,赵宇韬.运行时代码随机化防御代码复用攻击[J].软件学报,2019,30(9):2772-2790.
作者姓名:张贵民  李清宝  曾光裕  赵宇韬
作者单位:解放军信息工程大学, 河南 郑州 450001;数学工程与先进计算国家重点实验室, 河南 郑州 450001,解放军信息工程大学, 河南 郑州 450001;数学工程与先进计算国家重点实验室, 河南 郑州 450001,解放军信息工程大学, 河南 郑州 450001;数学工程与先进计算国家重点实验室, 河南 郑州 450001,解放军信息工程大学, 河南 郑州 450001;数学工程与先进计算国家重点实验室, 河南 郑州 450001
基金项目:国家社会科学基金(15AJG012);国家“核高基”科技重大专项(2013JH00103)
摘    要:代码复用攻击日趋复杂,传统的代码随机化方法已无法提供足够的防护.为此,提出一种基于运行时代码随机化的代码复用攻击防御方法LCR.该方法在目标程序正常运行时,实时监控攻击者企图获取或利用gadgets的行为,当发现监控的行为发生时,立即触发对代码进行函数块级的随机化变换,使攻击者最终获取或利用的gadgets信息失效,从而阻止代码复用攻击的实现.设计实现了LCR原型系统,并对提出的方法进行了测试.结果表明:LCR能够有效防御基于直接或间接内存泄漏等实现的代码复用攻击,且在SPEC CPU2006上的平均开销低于5%.

关 键 词:代码随机化  代码复用攻击  内存泄漏
收稿时间:2016/9/14 0:00:00
修稿时间:2017/6/6 0:00:00

Defensing Code Reuse Attacks Using Live Code Randomization
ZHANG Gui-Min,LI Qing-Bao,ZENG Guang-Yu and ZHAO Yu-Tao.Defensing Code Reuse Attacks Using Live Code Randomization[J].Journal of Software,2019,30(9):2772-2790.
Authors:ZHANG Gui-Min  LI Qing-Bao  ZENG Guang-Yu and ZHAO Yu-Tao
Affiliation:PLA Information Engineering University, Zhengzhou 450001, China;State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China,PLA Information Engineering University, Zhengzhou 450001, China;State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China,PLA Information Engineering University, Zhengzhou 450001, China;State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China and PLA Information Engineering University, Zhengzhou 450001, China;State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China
Abstract:As code reuse attacks (CRA) are becoming increasingly complex, legacy code randomization methods have been unable to provide adequate protection. An approach called LCR is present to defense CRA by living code randomization. LCR real-time monitors all suspicious operations which aim to find or utilize gadgets. When above events occur, LCR randomizes the function blocks of the target process in the memory so that gadgets'' information known by attackers become invalid and attacks composed of these gadgets will fail. Finally, a prototype system of LCR is implemented to test the proposed method. Experiment results show that LCR can effectively defense CRAs based on direct or indirect memory disclosure, meanwhile introduces low run-time performance overhead on SPEC CPU2006 with less than 5% on average.
Keywords:code randomization  code reuse attack  memory disclosure
点击此处可从《软件学报》浏览原始摘要信息
点击此处可从《软件学报》下载全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号