Computer Science (计算机科学) ›› 2022, Vol. 49 ›› Issue (10): 279-284. doi: 10.11896/jsjkx.220500091
侯尚文, 黄建军, 梁彬, 游伟, 石文昌
HOU Shang-wen, HUANG Jian-jun, LIANG Bin, YOU Wei, SHI Wen-chang
Abstract: In recent years, code reuse attacks have become a mainstream class of attack against binary programs. Code reuse attacks, of which ROP is the representative example, take instruction fragments already present in the memory space and chain them into instruction sequences that implement a chosen function, thereby achieving the attacker's goal. Starting from the basic principle behind code reuse attacks, this paper proposes a defense based on loading and unloading function code in real time: the code space is trimmed by dynamically loading and unloading functions, which shrinks the attack surface and so defends against code reuse. First, static analysis is used to obtain the function information of the protected program's dependent libraries, and this information is applied in the form of replacement libraries. Second, a real-time function-loading operation, together with an automatically triggered load/unload/restore workflow, is introduced into the Linux dynamic loader; to reduce the high overhead that frequent unloading would cause, a randomized batch unloading mechanism is designed. Finally, experiments in a real environment verify the effectiveness of the scheme in defending against code reuse attacks and demonstrate the value of the randomized unloading strategy.
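To make the trade-off behind the randomized batch unloading mechanism concrete, here is an added Python model of the load/unload policy; it is not the paper's loader implementation, and the trace, function names and policy parameters are constructed for illustration.

```python
import random

# Constructed call trace of a protected program: a hot loop over three
# library functions with occasional calls to rarely used ones.
TRACE = (["read_input", "parse_record", "write_output"] * 20
         + ["flush_log", "rotate_log"]) * 2


def simulate(trace, policy, batch_max=8, seed=1):
    """Model of on-demand function loading with a chosen unload policy.

    Functions start unmapped; a call into an unmapped function triggers a
    load (the loader's automatic trigger).  Two policies are modelled:
      "eager": unload right after every call, so at most one function is
               ever mapped but every call costs a load and an unload;
      "batch": keep functions mapped and unload all of them after a random
               number of calls in [1, batch_max] (the randomized batch
               unloading idea), trading a larger transient code surface for
               far fewer unload operations.
    Returns load/unload counts plus the mean and peak number of mapped
    functions observed at call time (a proxy for the reachable gadget space).
    """
    rng = random.Random(seed)
    loaded = set()
    loads = unloads = exposed_total = max_exposed = 0
    calls_until_flush = rng.randint(1, batch_max)
    for fn in trace:
        if fn not in loaded:           # fault-in: code is not present yet
            loaded.add(fn)
            loads += 1
        exposed_total += len(loaded)   # what an attacker could reuse right now
        max_exposed = max(max_exposed, len(loaded))
        if policy == "eager":
            loaded.discard(fn)
            unloads += 1
        elif policy == "batch":
            calls_until_flush -= 1
            if calls_until_flush == 0:  # one unload operation clears the batch
                loaded.clear()
                unloads += 1
                calls_until_flush = rng.randint(1, batch_max)
        else:
            raise ValueError(f"unknown policy {policy!r}")
    return {"loads": loads, "unloads": unloads,
            "avg_exposed": exposed_total / len(trace),
            "max_exposed": max_exposed}


if __name__ == "__main__":
    for policy in ("eager", "batch"):
        print(policy, simulate(TRACE, policy))
```

Running it shows the eager policy pays one unload per call while keeping exactly one function mapped, whereas batch unloading cuts the unload count at the price of a larger but bounded transient surface.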
CLC number:
[1] 蒋楚, 王永杰. GDL: A Gadget Description Language for General Code Reuse Attack. 计算机科学 (Computer Science), 2020, 47(6): 284-293. https://doi.org/10.11896/jsjkx.190700109
[2] 陈志泊, 林健. Expanded Application Framework Based on DirectUI. 计算机科学 (Computer Science), 2012, 39(Z11): 295-300.