The Design And Implementation Of A Function Level Randomization Defensing Method Against ROP Attack

Posted on: 2014-01-30
Degree: Master
Type: Thesis
Country: China
Candidate: L Xiao
GTID: 2248330395995917
Subject: Computer Science and Technology
Abstract/Summary:
With the rapid development of information technology and the wide use of networks, software systems are playing an increasingly important role in social life. Meanwhile, software systems contain various kinds of vulnerabilities, especially legacy software systems. By exploiting these vulnerabilities, attackers can hijack normal control flow and redirect it to malicious code prepared in advance.

Return-Oriented Programming (ROP) is a new kind of attack technique. Instead of injecting malicious code, ROP attacks reuse binary code that already exists in the target system, e.g., libc, and can therefore bypass the "W⊕X" protection mechanism. ROP takes its name from the fact that ROP attacks use short instruction sequences that end with "ret". Because of its fine-grained reuse of existing binary code, ROP is capable of arbitrary computation.

Since ROP was proposed, broad and deep research on it has been carried out. ROP has been implemented on different kinds of hardware and software platforms. ROP variants that do not use instruction sequences ending with "ret" have been proposed. Automation of ROP has been proposed and implemented.

Various detection and defense methods have been proposed by industry and academia: defenses based on removing buffer overflow vulnerabilities, defenses based on protecting return addresses and function pointers, defenses based on randomization, detection methods based on the characteristics of ROP attacks, defenses based on calling conventions, and defenses based on removing the intended and unintended instruction sequences used by ROP. None of the above methods has been adopted by industry except Address Space Layout Randomization (ASLR). ASLR has been widely used in industry and can defend against ROP attacks to some extent.
Because ASLR cannot randomize the base addresses of non-position-independent executables, and because its usefulness on 32-bit architectures is limited by the number of bits available for address randomization, attackers can successfully exploit a target system by brute force in limited time. Thus, a fine-grained randomization method is introduced in this paper, which we call Function Address Randomization (FAR). FAR mitigates ROP attacks by randomly permuting the functions in the code segments of binaries, which makes the attacker's assumptions about the addresses of short instruction sequences incorrect. We give a theoretical analysis and the design of FAR. We also implemented a prototype on the 32-bit x86 architecture and the Linux operating system. In the experiments, we verified the correctness and effectiveness of FAR, randomized some executables in Linux, compared FAR with ASLR, and analyzed the capability of FAR.
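A toy model of the function permutation idea described above, added here as an illustration and not taken from the thesis or its prototype. The function names, sizes, sequence offsets and the base address are constructed, and the model assumes functions are laid out back to back with no padding.

```python
import math
import random

# Constructed sample code segment: (function name, size in bytes). Not from the thesis.
FUNCTIONS = [("init", 0x40), ("parse", 0x120), ("copy_buf", 0x60),
             ("log_msg", 0x90), ("cleanup", 0x30), ("main", 0xB0)]
# Assumption: traditional load address of a non-PIE 32-bit x86 Linux executable.
TEXT_BASE = 0x08048000

# Constructed short sequences: (containing function, offset inside that function).
SEQUENCES = [("parse", 0x11F), ("copy_buf", 0x5E), ("cleanup", 0x2F)]

def layout(order, base=TEXT_BASE):
    """Place functions back to back in the given order; return name -> start address."""
    addrs, cur = {}, base
    for name, size in order:
        addrs[name] = cur
        cur += size
    return addrs

def sequence_addresses(addrs):
    """Absolute address of each short sequence under a given layout."""
    return [addrs[func] + off for func, off in SEQUENCES]

def permute(functions, rng):
    """Return a uniformly random ordering of the functions (the FAR-style step)."""
    order = list(functions)
    rng.shuffle(order)
    return order

def surviving_fraction(trials, rng):
    """Average fraction of sequences still at their original address after permuting."""
    original = sequence_addresses(layout(FUNCTIONS))
    kept = 0
    for _ in range(trials):
        new = sequence_addresses(layout(permute(FUNCTIONS, rng)))
        kept += sum(a == b for a, b in zip(original, new))
    return kept / (trials * len(SEQUENCES))

def permutation_bits(n):
    """Entropy in bits of a uniform random ordering of n functions: log2(n!)."""
    return math.log2(math.factorial(n))

if __name__ == "__main__":
    rng = random.Random(2014)
    print([hex(a) for a in sequence_addresses(layout(FUNCTIONS))])
    print("fraction of addresses unchanged:", surviving_fraction(5000, rng))
    print("ordering entropy for 6 functions: %.2f bits" % permutation_bits(6))
```

Unlike a single randomized base address, the ordering entropy grows with the number of functions in the binary, and the model works on a fixed-base executable because only the order inside the code segment changes.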
Keywords/Search Tags: ROP, Address Space Layout Randomization, ASLR, Function Address Randomization, Program Security