Research And Implementation Of ROP Defense Technology Based On Static Compilation

As a strategic resource,binary software vulnerabilities are widely used in network security attack and defense confrontation.With the implementation of security mechanisms such as W?X security model on computer systems,ROP attacks have become an essential part of binary software exploits.How to defend against ROP attacks has important research significance.Researchers have proposed a variety of defense techniques for ROP attacks,classified as: based on dynamic monitoring,based on randomization and based on static compilation.Although the existing ROP attack defense technology can defend against ROP attacks to a certain extent,there are still defects.The ROP attack defense technology based on dynamic monitoring can defend against ROP attacks during the running of the software;however,because of its dependence on subjective thresholds,the reliability of the test results is not high;and because additional tests are performed while the program is running,the performance of the program has a greater impact.The randomized ROP attack defense technology randomizes the address and instruction of the program instructions to make the attacker unable to obtain the necessary conditions for implementing the ROP attack;but the degree of randomization is not high and some codes cannot be randomized,so that the defense effect of the technology is limited.The ROP attack defense technology based on static compilation defends against ROP attacks by controlling the compilation and generation of program code;however,this technology requires auxiliary information such as source code and the existing technology has some defects that cannot be supported by some codes.The goal of this paper is based on statically compiled ROP attack defense technology.The main work and innovations include the following aspects:First,the principle of ROP attack and the existing defense techniques are analyzed.The source of the basic unit gadget of ROP attack technology and the characteristics of ROP attack technology are summarized.Combined with the analysis of the function calling convention and the principle of system call,especially the association between parameter registers and preserved register,this paper proposes a ROP attack defense technology based on static compilation.The core of this technology is to eliminate the unintended gadget in the program and destroy the conventional gadget in the program.Secondly,based on the principles of ROP attack and function calling convention,it is proved theoretically that destroy the function of the conventional gadget can effectively defend against ROP attack.Based on the Binary dynamic instrumentation framework Pin,this paper designs and implements the dynamic monitoring ROP attack defense system,which prove that theory is effective in practical.Third,based on the highly modular compiler framework LLVM,a compiler prototype capable of compiling a program that effectively defends against ROP attacks is designed.The experimental results show that the ROP attack defense technology proposed in this paper can effectively defend against the normal operation of the program and won't affect tht normal performance of the program.In general,the static compilation-based ROP attack defense technology proposed in this paper provides ideas and feasible solutions for defending ROP attacks.At the same time,it provides a new method for compiler security extension,and has improved compiler security performance inss certain meaning.