
Research on ROP Attack and Defense Technology on ARM

Posted on: 2013-01-04    Degree: Master    Type: Thesis
Country: China    Candidate: Y Qian    Full Text: PDF
GTID: 2248330392461031    Subject: Information and Communication Engineering
Abstract/Summary:
With the growth of the mobile phone market, the ARM architecture is used in smartphones and tablets more than any other architecture, and researchers have paid increasing attention to the security of the ARM platform. Control-flow attacks have become the major attack method used by hackers on this platform. Hackers exploit a buffer overflow vulnerability to inject more data than the buffer can hold and thereby overwrite the return address, so that control flow is diverted into the hacker's shellcode. To protect against this kind of attack, the W⊕X protection mechanism has been added to operating systems such as Windows and Linux. This mechanism, also called Data Execution Prevention (DEP), has been designed into the major architecture platforms, such as Intel's XD bit, AMD's NX bit and ARM's XN bit. Return-oriented programming (ROP) was introduced to bypass this protection mechanism: ROP searches for useful code sequences in a vulnerable program and chains them together to perform a malicious operation.

This thesis studies ROP attack and defense theory on the ARM architecture. Because automated tools for ROP gadget search on ARM are lacking and manual gadget search is complicated, an automated ROP gadget search algorithm and a sandbox defense system are proposed. The research covers two aspects.

First, an automated ROP gadget search tool for the ARM architecture. The tool first scans for useful code sequences and locates branch instructions, then applies a backward search algorithm from each branch instruction to find gadgets to a depth of five. A second search algorithm is based on a semantic rule library: starting from a library of base gadgets, it combines them into more complicated gadgets, so that the tool can perform arbitrary operations and achieve Turing completeness. This tool can help hackers quickly locate gadgets and shorten the exploit process.

Second, the thesis analyzes the differences between ROP attacks on the ARM and x86 architectures and presents details of the ARM architecture and instruction set. QEMU is used to emulate the ARM architecture, and a ROP attack experiment is presented. Finally, a library sandbox mechanism is proposed to defend against this kind of attack; it uses binary translation to enforce the integrity of the execution flow. The sandbox mechanism prevents hackers from using fixed library addresses to attack the program and thereby secures the operating system.
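The library sandbox described above mediates indirect branches into a library and rejects diverted control flow. The following is an added illustration, not code from the thesis: a toy Python model of such a sandbox, in which the binary translator checks every call into the library against its exported entry points and every return against a shadow stack. The library layout, addresses and branch traces are constructed for the example.

```python
# Added example (not from the thesis): toy model of the library-sandbox idea.
# A binary translator mediates every indirect branch into a library (bx /
# pop {..., pc} on ARM) and enforces two rules: calls may only land on
# exported entry points, and returns must match a shadow stack.
from dataclasses import dataclass, field

@dataclass
class Library:
    lo: int          # sandboxed library address range [lo, hi)
    hi: int
    entries: dict    # exported entry address -> symbol name

    def contains(self, addr):
        return self.lo <= addr < self.hi

@dataclass
class Sandbox:
    lib: Library
    shadow: list = field(default_factory=list)   # shadow stack of return addresses
    log: list = field(default_factory=list)

    def call(self, target, ret_addr):
        # Rule 1: a call into the library must hit an exported entry point.
        if self.lib.contains(target) and target not in self.lib.entries:
            self.log.append(f"BLOCK call into library body at {target:#x}")
            return False
        self.shadow.append(ret_addr)
        return True

    def ret(self, target):
        # Rule 2: a return must pop the address recorded at call time.
        if self.shadow and self.shadow[-1] == target:
            self.shadow.pop()
            return True
        self.log.append(f"BLOCK return to unexpected address {target:#x}")
        return False

def run_trace(sandbox, trace):
    """Replay a branch trace; return how many branches were blocked."""
    blocked = 0
    for kind, *args in trace:
        ok = sandbox.call(*args) if kind == "call" else sandbox.ret(*args)
        blocked += 0 if ok else 1
    return blocked

# Constructed sample library and traces; all addresses are hypothetical.
LIBC = Library(0x40000000, 0x40010000, {0x40001000: "system", 0x40002000: "memcpy"})
BENIGN = [("call", 0x40002000, 0x10004), ("ret", 0x10004)]
ROPISH = [("ret", 0x40001FF8), ("call", 0x40001FF8, 0x10008)]  # diverted flow
```

Replaying `BENIGN` blocks nothing, while `ROPISH` (a return into a mid-library gadget followed by a call to the same address) is blocked on both branches; the model only guards branches into the sandboxed library, so gadgets in the main program remain out of its scope.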
Keywords/Search Tags: Return-oriented Programming, ARM architecture, semantic rules library, sandbox mechanism, Data Execution Prevention