
Research On The Defense Method Of Vtable Hijacking

Posted on: 2017-03-19  Degree: Master  Type: Thesis
Country: China  Candidate: Z X Wang
GTID: 2348330566956739  Subject: Software engineering
Abstract/Summary:
With the rapid development of the software industry, software has become an indispensable part of people's daily life and work, and software security cannot be ignored. Memory corruption is one of the oldest classes of software vulnerability; using C/C++, assembly and other relatively low-level programming languages will inevitably lead to such vulnerabilities. Attackers typically use a technique called virtual function table hijacking to exploit memory corruption vulnerabilities. In this paper, we propose a defense method that rewrites C++ binaries and checks the integrity of virtual function tables to defend against virtual function table hijacking attacks. First, an automated analysis method extracts the virtual function tables and the location information related to virtual function calls from the binary program. Next, this location information is used to identify all virtual function tables and move them to a read-only area of memory. Then an identifier is instrumented at the top of the read-only memory page in which the virtual function table is located. For tables that cannot be moved into the read-only area, the original virtual function table pointers and virtual function pointers are backed up. Finally, when a virtual function is dispatched, the integrity of a virtual function table in the read-only area is checked by detecting the presence of the virtual function table identifier, and the integrity of a table in the writable area is checked by comparing the backup with the current pointer data. If data integrity has been corrupted, the program is under a virtual function table hijacking attack and is terminated immediately. The defense solution is verified using SPEC benchmarks as well as the Firefox, Chrome and IE browsers. Experiments show that the solution can fully and effectively defend against real-world virtual function table hijacking attacks with small performance overhead and good compatibility.
Keywords/Search Tags: Software security, Memory corruption vulnerability, Virtual function table hijacking attack