
Research On Dynamic Detection Method Of Control Flow Hijacking Attack

Posted on: 2021-01-11
Degree: Master
Type: Thesis
Country: China
Candidate: X Z Xiao
Full Text: PDF
GTID: 2428330623967777
Subject: Cyberspace security

Abstract/Summary:
Today's computer systems play an indispensable role in people's daily life and work, providing convenience and greatly improving production efficiency. As computer systems become more deeply involved in society, the consequences of their security problems become more serious. Attacks against computer systems are endless, and control flow hijacking attacks are among the most widely used and most harmful. To prevent control flow hijacking attacks, this thesis studies a software security protection system that can dynamically monitor the integrity of control flow while the program is running.

The system's control flow integrity check is implemented through code instrumentation. To support the subsequent work, this thesis first develops a platform for software instrumentation, integrates existing instrumentation tools into it, and wraps the different tools behind a unified interface for writing instrumentation code. On top of these tools, the platform itself provides detection programs for some common vulnerability types, which can be used for simple runtime vulnerability early warning.

In addition, this thesis proposes a dynamic control flow integrity detection scheme based on dynamic symbolic execution and taint analysis. The scheme based on dynamic symbolic execution uses symbolic execution to obtain the complete control flow graph of the target program, then performs semantic analysis on that graph and on the program's corresponding assembly instructions to extract a whitelist of the indirect jumps taken during program execution. On this basis, instrumentation code is customized according to the instruction type of each indirect jump in the program and the format in which its parameters are passed. At run time, the instrumented code reads the relevant memory and register contents and checks each indirect jump against the whitelist. To alleviate the known bottlenecks of symbolic execution, this thesis proposes a method based on taint analysis as a supplementary detection scheme. The instrumentation code marks the program's external input as tainted and tracks taint propagation while the program runs. When an indirect jump instruction is executed, the instrumentation code checks whether the jump target is tainted; if it is, the jump target has been affected by external input.

Finally, this thesis verifies the feasibility of the platform and its control flow protection method on a sample of vulnerable software, measures the time and memory overhead of the scheme and the change in program running efficiency after instrumentation, analyzes the reasons for the experimental results, and points out the remaining deficiencies.
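The two runtime checks described in the abstract, as an added example that is not part of the thesis: a toy register machine in which a whitelist built ahead of time maps each indirect jump to its permitted targets, and taint tracking follows external input through memory into the jump operand. The machine, its instruction encoding, the whitelist format and the sample program are assumptions made here.

```python
# Toy model of the abstract's two runtime checks at an indirect jump: a CFG-derived
# whitelist and taint tracking. Constructed example; the machine is assumed, not the thesis's.
from dataclasses import dataclass, field

@dataclass
class Machine:
    regs: dict = field(default_factory=dict)    # register values
    mem: dict = field(default_factory=dict)     # memory cell values
    taint_r: set = field(default_factory=set)   # registers holding tainted data
    taint_m: set = field(default_factory=set)   # memory cells holding tainted data
    alerts: list = field(default_factory=list)  # (pc, check, target) violations

def run(program, whitelist, external_input):
    """Run `program`; `whitelist` maps each indirect jump's pc to its CFG-permitted targets."""
    m, pc = Machine(), 0
    while pc < len(program):
        op, *args = program[pc]
        nxt = pc + 1
        if op == "mov":                # mov r, imm : constant, never tainted
            m.regs[args[0]] = args[1]
            m.taint_r.discard(args[0])
        elif op == "input":            # input r : value from outside, tainted
            m.regs[args[0]] = external_input
            m.taint_r.add(args[0])
        elif op == "store":            # store [addr], r : taint follows the data
            m.mem[args[0]] = m.regs[args[1]]
            (m.taint_m.add if args[1] in m.taint_r else m.taint_m.discard)(args[0])
        elif op == "load":             # load r, [addr]
            m.regs[args[0]] = m.mem[args[1]]
            (m.taint_r.add if args[1] in m.taint_m else m.taint_r.discard)(args[0])
        elif op == "jmp_ind":          # jmp_ind r : the instrumented instruction
            reg, target = args[0], m.regs[args[0]]
            if target not in whitelist.get(pc, set()):   # check 1: CFG whitelist
                m.alerts.append((pc, "whitelist", target))
            if reg in m.taint_r:                         # check 2: tainted operand
                m.alerts.append((pc, "taint", target))
            if m.alerts:
                return m.alerts        # stop at the first violating jump
            nxt = target
        elif op == "halt":
            break
        pc = nxt
    return m.alerts

# Constructed sample: a pointer at cell 0x10 is dispatched through r3; the
# vulnerable variant writes external input over that pointer before the dispatch.
WHITELIST = {5: {6}}                   # the jump at pc 5 may only reach pc 6
def sample(bug):
    return [("mov", "r1", 6), ("store", 0x10, "r1"), ("input", "r2"),
            ("store", 0x10 if bug else 0x20, "r2"), ("load", "r3", 0x10),
            ("jmp_ind", "r3"), ("halt",)]
```

With input 6 the overwritten pointer still lands on a whitelisted target and only the taint check fires, which is the kind of gap the supplementary taint scheme is meant to cover.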
Keywords/Search Tags: Control Flow Integrity, indirect jump, code instrumentation, dynamic symbolic execution, taint analysis