Abstract
In recent years, code reuse attacks have become a mainstream way of attacking binary programs. Code reuse attacks such as ROP chain together instruction fragments (gadgets) already present in the memory space to build an instruction sequence that performs a specific function and achieves a malicious goal. Starting from the basic principle of code reuse attacks, this paper proposes a defense method based on real-time loading and unloading of function code: the code space is trimmed by dynamically loading and unloading functions, which shrinks the attack surface and thereby defends against code reuse. First, function information for the dependent libraries of the protected program is obtained by static analysis and is used in the form of replacement libraries. Second, a real-time function loading operation, together with an automatically triggered and automatically restoring load/unload workflow, is introduced into the Linux dynamic loader; to reduce the high overhead caused by frequent unloading, a randomized batch unloading mechanism is designed. Finally, experiments carried out in a real environment verify the effectiveness of the scheme against code reuse attacks and demonstrate the significance of the randomized unloading strategy.
Authors
侯尚文
黄建军
梁彬
游伟
石文昌
HOU Shang-wen; HUANG Jian-jun; LIANG Bin; YOU Wei; SHI Wen-chang (School of Information, Renmin University of China, Beijing 100872, China)
Source
Computer Science (《计算机科学》)
Indexed in CSCD and the Peking University Core Journals list (北大核心)
2022, Issue 10, pp. 279-284 (6 pages)
Funding
National Natural Science Foundation of China (U1836209).
Keywords
Code reuse attack
Real-time code loading and unloading
Return-oriented programming
Dynamic link library
Randomized unloading