Protection method for global offset table based on address randomization and segment isolation
Abstract: An Executable and Linkable Format (ELF) executable contains a Global Offset Table (GOT) that stores the absolute addresses of the library functions it references. On Linux, GOT dereference and GOT overwrite are two commonly used exploitation methods. Based on an analysis of the GOT's characteristics, a GOT protection method based on address randomization and segment isolation is proposed and implemented. By modifying the Linux executable loader, every section that holds data pointers to the GOT is loaded at a random memory address. In addition, using segment isolation, the instructions in code that reference the GOT do so indirectly through a new segment register. The experimental results show that the method effectively defends against exploitation methods that target the GOT, and that its performance cost is very low, with an average additional overhead of only 2.9 ms.
Source: Journal of Computer Applications (《计算机应用》), CSCD, Peking University Core Journal, 2016, No. 7, pp. 1852-1855, 1869 (5 pages)
Keywords: Global Offset Table (GOT) protection; address randomization; segment isolation; GOT dereference; GOT overwrite