摘要
在可执行和可链接格式(ELF)的可执行程序中,存在一个全局偏移表(GOT),用于存放引用库函数的绝对地址,但是在Linux系统中,GOT解引用和GOT覆写是两种比较常用的漏洞利用方法。通过分析GOT的特性,提出并实现了基于地址随机和段隔离的GOT保护方法。通过修改Linux的可执行程序加载器,将与GOT有数据指向关系的节均加载到随机内存地址;同时使用段隔离技术,对GOT的代码引用的指令使用一个新的段寄存器进行间接引用。实验结果证明,该方法不仅能够有效地防御针对GOT的漏洞利用方法,而且性能损耗极低,只有平均2.9 ms的额外开销。
In an Executable and Linkable Format( ELF) executable program, Global Offset Table( GOT) was used to store the absolute addresses of library functions. But in Linux operation system, GOT dereference and GOT overwrite are two common vulnerability exploit methods. Through analyzing the GOT feature, a protection method for GOT based on address randomization and segment isolation was proposed and implemented. With modifying the ELF loader program, all sections which pointed to the GOT were loaded into random memory addresses. Using segment isolation technology, all instructions with reference to GOT used a new segment register. The experimental results prove that the proposed method can not only defense against the exploit method of GOT effectively, but also has a very low cost of average 2. 9 milliseconds.
出处
《计算机应用》
CSCD
北大核心
2016年第7期1852-1855,1869,共5页
journal of Computer Applications