
Profiling Of Code-Reuse Attacks

Posted on: 2019-07-12
Degree: Master
Type: Thesis
Country: China
Candidate: W Q Zhou
Full Text: PDF
GTID: 2428330572955628
Subject: Computer system architecture

Abstract/Summary:
With the rapid development of computer technology, computer system security has received more and more attention. Compared with the early code-injection attacks, code-reuse attacks come in many varieties and are more complex, which poses a great threat to the security of users' computer systems. Code-reuse attacks do not need to inject their own malicious code into the vulnerable program; they only use existing (legitimate) instructions in loaded instruction libraries or executable files to construct the attack, and thus bypass a variety of traditional system security protection mechanisms such as code integrity protection and W⊕X defense. A code-reuse attack requires two steps. First, the attacker extracts usable instruction fragments (called gadgets) from the existing legitimate code and chains these fragments together through specific instructions (such as the ret instruction). Second, the attacker tampers with some control data of the program, such as a function pointer or a function return address, which causes the program to jump to the attacker's carefully selected first function or instruction fragment and execute from there, thereby achieving the purpose of the attack.

This thesis takes the dynamic binary translator QEMU as the platform on which to further profile code-reuse attacks. It designs a QEMU-based technical solution for profiling code-reuse attacks: the solution records the jump instructions in the program, including the own addresses and the target jump addresses of indirect call instructions and ret instructions, so that when the system is subjected to a code-reuse attack in subsequent operation it can detect the occurrence of the attack and can profile the target jump addresses where the jump instruction has been tampered with. The main work of the thesis is summarized as follows:

1. Based on an in-depth study of the principles of QEMU's dynamic binary translation technology and its TCG (Tiny Code Generator) intermediate code, and of the fact that QEMU takes the basic block as its translation unit and uses a translation cache to cache translated basic blocks, the thesis designs a technical solution for profiling code-reuse attacks.
2. The solution hooks into QEMU's process of translating target instructions of the source architecture into TCG intermediate micro-instructions, and exploits the characteristic that QEMU uses jump instructions as basic-block end instructions, so that indirect call instructions and ret instructions can be identified during the QEMU translation process and marked in order to record their own addresses and their target jump addresses.
3. For the cases in which addresses would be omitted during recording, the thesis analyzes in detail QEMU optimization techniques such as the translation cache, accurate exception handling, and the occurrence of interrupts, and improves and refines the previously designed technical solution to account for these optimizations.
4. Based on the improved design, a prototype system was implemented by modifying the QEMU source code, and the system was tested for functionality and performance. The test results showed that when the system was subjected to code-reuse attacks it could detect the occurrence of the attack and could record and profile the target jump addresses where the jump instruction had been tampered with. At the same time, the performance test results showed that the performance loss of the system was low and within an acceptable range.
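The detection step the abstract describes rests on one idea: once the own address and the target address of every indirect call and ret have been recorded, a replay of that record can tell a legitimate return from a tampered one. The following is an added example, not code from the thesis or from QEMU, that replays such a record with a shadow stack: each call pushes its fall-through address, each ret must return to the most recently pushed address, and an indirect call must land on a known function entry. The record format (`Transfer`), the address values, and the set of valid entry points are constructed assumptions for the example; a real recorder inside QEMU's translation loop would emit equivalent fields.

```python
"""Replay a recorded control-flow trace and flag tampered ret / indirect-call targets.

Added example (not the thesis's or QEMU's code). The trace format is a constructed
assumption: one record per control transfer, carrying the transferring instruction's
own address, its encoded length, and the target address that was actually taken.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set


@dataclass(frozen=True)
class Transfer:
    kind: str      # "call", "icall" (indirect call) or "ret"
    site: int      # address of the call/ret instruction itself
    length: int    # encoded length of that instruction in bytes
    target: int    # address the transfer actually went to


@dataclass(frozen=True)
class Finding:
    site: int
    target: int
    expected: Optional[int]
    reason: str


def profile_trace(trace: Iterable[Transfer], valid_entries: Set[int]) -> List[Finding]:
    """Shadow-stack replay of recorded transfers.

    A call pushes its fall-through address (site + length); a ret must return to the
    most recently pushed address. A ret whose target differs, or a ret with nothing
    outstanding on the shadow stack, is the signature of a tampered return address.
    An indirect call whose target is not a known function entry is the signature of
    a tampered function pointer. Replay continues after a mismatch so the whole
    chain of tampered targets is profiled, not just the first one.
    """
    shadow: List[int] = []
    findings: List[Finding] = []
    for t in trace:
        if t.kind in ("call", "icall"):
            if t.kind == "icall" and t.target not in valid_entries:
                findings.append(Finding(t.site, t.target, None,
                                        "indirect call to non-entry address"))
            shadow.append(t.site + t.length)
        elif t.kind == "ret":
            if not shadow:
                findings.append(Finding(t.site, t.target, None,
                                        "ret with empty shadow stack"))
                continue
            expected = shadow.pop()
            if t.target != expected:
                findings.append(Finding(t.site, t.target, expected,
                                        "ret target mismatch"))
        else:
            raise ValueError(f"unknown transfer kind {t.kind!r}")
    return findings


# Constructed sample data: hypothetical addresses, not taken from any real binary.
VALID_ENTRIES = {0x401000, 0x401200, 0x401400}

BENIGN_TRACE = [
    Transfer("call", 0x401010, 5, 0x401200),   # main calls helper
    Transfer("icall", 0x401210, 2, 0x401400),  # helper calls through a function pointer
    Transfer("ret", 0x401420, 1, 0x401212),    # returns to just after the icall
    Transfer("ret", 0x401230, 1, 0x401015),    # returns to just after the direct call
]

# Same program, but the helper's saved return address was overwritten, so its ret
# lands on a constructed gadget address instead of the expected 0x401015.
TAMPERED_TRACE = BENIGN_TRACE[:3] + [
    Transfer("ret", 0x401230, 1, 0x40109c),    # first tampered target (constructed)
    Transfer("ret", 0x40109f, 1, 0x4010c3),    # second ret in the chain, no frame left
]


if __name__ == "__main__":
    for name, trace in (("benign", BENIGN_TRACE), ("tampered", TAMPERED_TRACE)):
        for f in profile_trace(trace, VALID_ENTRIES):
            extra = f" expected=0x{f.expected:x}" if f.expected is not None else ""
            print(f"[{name}] {f.reason}: site=0x{f.site:x} target=0x{f.target:x}{extra}")
```

On the benign trace the replay produces no findings; on the tampered trace it reports the ret at the hypothetical site 0x401230 with its expected and actual targets, and then the following ret as one with no outstanding frame, which is exactly the "target jump addresses where the jump instruction has been tampered with" that the abstract says the prototype records. The caveat the thesis raises in item 3 applies here too: a replay is only as good as the record, so any transfer dropped because of translation-cache reuse, exceptions or interrupts shows up as a spurious mismatch or a missed one.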
Keywords/Search Tags: Code-Reuse Attacks, QEMU, Translation Cache, Accurate Exception