
Research On The Technology Of Enhanced Canary-Based Protections

Posted on: 2018-03-15
Degree: Master
Type: Thesis
Country: China
Candidate: J Zhu
Full Text: PDF
GTID: 2348330512497178
Subject: Computer Science and Technology
Abstract/Summary:
With the rapid growth of the information world, system and software security seem to be related to national security. Over the past decade, many exploit mitigation techniques have been introduced to defend against memory corruption attacks. W^X, ASLR, and canary-based protections are nowadays widely deployed and considered standard practice. However, although these techniques have evolved over time, they still suffer from limitations that enable skilled adversaries to bypass them. In this paper, we start from canary-based stack smashing protection. First, we analyze the principle of the commonly used canary-based protections and discuss their shortcomings in terms of the strength and granularity of the protection mechanism. Then we show that not only are forking programs exposed to brute-force attacks that can be exploited to obtain the verification information, but general applications also run the risk of having their verification information cracked. Based on this fact, we randomize the verification information before functions return. This mechanism ensures that the verification information stored in each function frame is independent of that in the others. To realize this mechanism, we implemented a source-based automation tool. The compiler-based tool consists of a plugin for the GNU Compiler Collection (GCC) and a position-independent (PIC) dynamic shared library that is linked with the running application via LD_PRELOAD. The plugin's main task is to insert, when the source code is compiled, instructions that set and check the verification information. The dynamic shared library includes a number of functions that support the protection mechanism; it also contains signal handling functions, logging functions, and the library functions that need to be hooked. Together, these two modules guarantee that our protection mechanism can effectively detect malicious attacks while the program is running and can effectively hide the verification information when the function returns.
Keywords/Search Tags: Canary, Randomization, GCC Plugin, Dynamic shared library