Jisuanji kexue (Oct 2022)

Defense Method Against Code Reuse Attack Based on Real-time Code Loading and Unloading

  • HOU Shang-wen, HUANG Jian-jun, LIANG Bin, YOU Wei, SHI Wen-chang

DOI
https://doi.org/10.11896/jsjkx.220500091
Journal volume & issue
Vol. 49, no. 10
pp. 279 – 284

Abstract

In recent years, code reuse attacks have become a mainstream attack against binary programs. Code reuse attacks such as ROP use instruction gadgets in the memory space to construct an instruction sequence that realizes specific functions and achieves malicious purposes. Based on the basic principle of code reuse attacks, this paper proposes a defense method based on real-time function loading and unloading. More specifically, the method shrinks the code space through dynamic loading and unloading, reducing the attack surface and defending against code reuse. First, it extracts sufficient function information from the dependent libraries of the target program by static analysis, and uses this information in the form of replacement libraries. Second, it introduces real-time loading into the dynamic loader in Linux, and proposes an auto-triggerable and auto-restorable loading/unloading mechanism. To reduce the high overhead caused by frequent unloading, a randomized batch unloading mechanism is designed. Finally, experiments are carried out in a real environment to verify the effectiveness of the scheme against code reuse attacks, and the significance of the randomized unloading strategy is demonstrated.

Keywords