Software security enhancing method based on binary rewrite and dynamic randomization

Abstract

The invention provides a software security enhancing method based on binary rewrite and dynamic randomization, comprising the following modules: 1) static binary rewrite; 2) double-level mapping, namely from a process logical page to a logical page and from the logical page to a physical page; 3) a dynamic randomization mechanism periodically randomizes a process address space by taking pages as granularities; 4) a logical address mapping redirecting mechanism provides the logical address mapping a redirecting service for a process. According to the software security enhancing method based on the binary rewrite and the dynamic randomization, the randomization entropy of the process address space is remarkably improved through the fine granularity dynamic cyclical randomization, the successful probability of attacking of an attacker is lowered, and the security of the a computer system and software is improved.

Description

technical field

[0001] The invention belongs to the field of computer technology, especially the field of system and software safety. The invention provides a software security enhancement method combined with binary rewriting and dynamic randomization, which is used to improve the security of the operating system and application software. Background technique

[0002] Computer technology has played a pivotal role in production and life, and it is becoming more and more important to ensure the security of computer systems and software. In the arms race of computer system and software security, the attacks that have appeared successively include: Buffer Overflow Attack, Code Injection Attack, Code Reuse Attack, Information Leakage Attack, etc.; Correspondingly, related defense mechanisms include: No-eXecute (NX), Address Space Layout Randomization (ASLR), etc.

[0003] Buffer overflow attack: a widely used and seriously harmful attack method has become an important problem ...

Images