Code reuse attack-resisting work progress randomization method and system

A work process and code reuse technology, applied in code generation, application software security and protection fields, can solve problems such as high overhead, no way to achieve asynchronous, legacy code cannot be well protected, etc., to achieve low overhead Effect

Active Publication Date: 2016-01-06
INST OF COMPUTING TECH CHINESE ACAD OF SCI
View PDF4 Cites 19 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0009] The current defense against code reuse attacks that exploit memory leaks is either ineffective or very costly: XnR uses a sliding window method to defend against code reuse attacks, so there are still many memory pages within the sliding window that are both executable and executable. Read, if the attacker attacks within the sliding window, XnR cannot be defended. A major problem faced by HideM is that since 2008, the hardware CPU uses a shared second-level TLB, which means that both ITLB and DTLB will be from the common The mapping relationship is obtained in the second-level TLB. Due to the existence of the shared second-level TLB, there is no way for ITLB and DTLB to be out of sync. Therefor

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Code reuse attack-resisting work progress randomization method and system
  • Code reuse attack-resisting work progress randomization method and system
  • Code reuse attack-resisting work progress randomization method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0036] Due to the design of the current hardware CPU, it is impossible to make the code page executable but not readable. The existing three methods to prevent the code page from being readable all need to modify the kernel or use new hardware. Modifying the kernel is the most users' choice. Unacceptable, because adding code to the kernel also has security problems and the problem is more serious. The biggest limitation of using new hardware is whether all CPUs have the support of this hardware, so the existing ones prevent attackers from using memory leak vulnerabilities to read The method of code is very difficult to deploy, but there are many problems in the method of tolerating attackers to read the code: the diversification of execution flow also has very serious performance problems and will also destroy the DEP mechanism; the existing method of continuous randomization only supports kernel randomization And the need to rewrite the kernel also destroys the DEP mechanism. ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a code reuse attack-resisting work progress randomization method and system. The method comprises the following steps: 1, presetting a new progress, sharing memory space of the work progress to the new progress, initiating the new progress, disassembling all the code segments in the new progress and recording intermediate representation, recognizing function information in the code segments, and analyzing execution streams in the function information and dividing basic blocks; 2, randomizing the code segments according to the intermediate representation so as to generate new code segments, sending a signal interrupt instruction to the work progress by the new progress, carrying out state transition operation by the new progress when the new progress confirms that the work progress is interrupted and the work progress stores corresponding information, and deleting the code segments when the new progress confirms that the work progress starts to execute the new code segments after the state transition operation is finished; and 3, circularly executing the steps 1 to 2.

Description

technical field [0001] The invention relates to the technical fields of code generation and application software security and protection, in particular to a method and system for randomizing work processes against code reuse attacks. Background technique [0002] Attackers and defenders have always been in a competitive relationship. In order to resist code injection attacks (code injection), a data execution protection mechanism (data execution prevention, DEP) has been introduced into the computer system, and the attribute of any memory area is limited to W⊕X. The mechanism makes the malicious code (shellcode) uploaded by the attacker unable to execute. In response, the attacker proposes a code reuse attack (codereuse), which can effectively bypass the DEP mechanism. The attacker will first obtain the code layout of the target machine, and then pass Carefully construct the carrier (payload) to use the indirect jump (indirectjmp), indirect call (indirectcall) and function r...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/52
CPCG06F21/52
Inventor 王喆武成岗王振江李建军
Owner INST OF COMPUTING TECH CHINESE ACAD OF SCI
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap