
Code-Reuse Attack Detection And Defense Based On Dynamic Binary Translation Framework

Posted on: 2013-08-30
Degree: Master
Type: Thesis
Country: China
Candidate: C Liu
GTID: 2248330395984781
Subject: Computer Science and Technology

Abstract/Summary:
With the development of computers, increasingly sophisticated software is designed to deal with complicated work. Because of the size and complexity of software, it always contains many vulnerabilities, and these pose real threats to users. Most attacks on software aim at changing the behavior of programs or taking control of the machine. In the early days, attackers tried to inject malicious code into existing programs to exploit various software vulnerabilities. Injected code can no longer be leveraged to launch attacks, because memory protection mechanisms have been adopted in the design of CPUs and operating systems. However, code-reuse attacks can bypass these memory protection mechanisms because no code needs to be injected. The danger of code-reuse attacks has been shown on various platforms and operating systems. A small number of defenses have been proposed to detect or prevent code-reuse attacks, and these defenses have disadvantages such as high performance overhead, requiring the source code of the software, and incomplete detection. How to effectively detect and defend against code-reuse attacks has become an open problem in the security field.

To ameliorate these problems, we research and construct ROP-based and JOP-based attacks, analyze the features of code-reuse attacks, summarize the deficiencies of contemporary methods for defending against code-reuse attacks, and then propose a solution for detecting code-reuse attacks dynamically. Based on the dynamic binary translation framework FastBT, we present DCRA, an effective instrumentation tool against code-reuse attacks. To keep the program running correctly, safely and effectively, we introduce a shadow stack to check return addresses, present control-transfer detection to defend against JOP attacks, propose a reauthentication mechanism to handle exceptions, and design performance optimizations for DCRA. The experimental results show that DCRA can effectively prevent malicious code-reuse attacks and code injection attacks based on buffer overflows, while inducing a low performance overhead and making up for the limitations of existing research.
Keywords/Search Tags: buffer overflow, code-reuse attack, binary translation, shadow stack, control flow detection