Automatic fragmented layout for multi-module ROP

Cited by: 0
Authors
Huang N. [1 ]
Huang S. [1 ]
Pan Z. [1 ]
Chang C. [1 ]
Affiliations
[1] College of Electronic Engineering, National University of Defense Technology, Hefei
Source
Guofang Keji Daxue Xuebao/Journal of National University of Defense Technology | 2020 / Vol. 42 / No. 03
Keywords
Data execution prevention; Fragmented layout; Return-oriented programming; Symbolic execution;
DOI
10.11887/j.cn.202003004
CLC classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812 ;
Abstract
ROP (return-oriented programming) is a technique that can bypass the protection offered by DEP (data execution prevention). ROP constructs a program that performs a specific function by searching the memory code area for suitable assembly instruction fragments. Previous methods for automatic ROP generation do not consider the constraint that the program's memory requirements place on the layout of the ROP chain, which makes the generated ROP impractical. To solve this problem, a new method for the automatic fragmented layout of multi-module ROP based on symbolic execution is proposed. The ROP chain is divided into modules on the basis of the automatic ROP generation framework Q; the controllability of memory is analyzed dynamically with the symbolic execution tool S2E; a controllable memory area is found for each ROP module, and the fragmented-layout ROP is constructed automatically. Experiments show that, compared with previous methods, the ROP chain generated by the proposed method effectively reduces the requirements on program memory controllability. © 2020, NUDT Press. All rights reserved.
Pages: 22 / 29
Page count: 7