
Research On ASLR Automatic Bypass Method Based On Information Leakage

Posted on: 2022-04-05
Degree: Master
Type: Thesis
Country: China
Candidate: J Xie
Full Text: PDF
GTID: 2558307169481264
Subject: Information and Communication Engineering
Abstract/Summary:
Address space layout randomization (ASLR) is an effective means of preventing attackers from compromising information systems through software vulnerabilities, and it has been widely deployed in operating systems. However, as attack technology advances, attackers can still bypass ASLR and complete an exploit through information leakage and other methods. Studying automatic bypass of the ASLR mechanism helps vulnerability analysts quickly locate exploit paths that defeat ASLR, so that targeted defensive strategies can be designed. Existing automatic ASLR bypass methods are still in their infancy: they either rely heavily on source code or cannot generate runnable code, which makes them difficult to apply to real software. Starting from an in-depth analysis of how ASLR operates, and in view of the limitations of existing bypass techniques, this thesis studies and designs an automatic ASLR bypass method based on information leakage. The main research contents and results are as follows:

(1) An ASLR automatic bypass framework based on information leakage is proposed. First, the implementation principles of existing ASLR mechanisms and their bypass methods are analyzed. Then the existing bypass methods are classified and compared according to how they bypass ASLR, and the limitations of existing manual information leakage methods are analyzed. Finally, the ASLR automatic bypass framework based on information leakage is proposed, providing support for the automatic information leakage and ASLR automatic bypass verification methods that follow.

(2) An automatic information leakage method based on primitive combination is proposed. First, an information leakage model based on deterministic finite automata is proposed, and the exploit primitives and heap operation primitives used in its definition are explained. Then each state in the model is described, and the event input, constraint conditions and program behaviour required for each state transition are clarified. Finally, corresponding information leakage modes are established for three memory corruption vulnerabilities, and information leakage points are activated by combining primitives according to the leakage mode. Experimental data show that, for CTF binary programs, this information leakage method can effectively leak the actual load addresses of library functions.

(3) A multi-step ASLR automatic bypass verification method is proposed and implemented. First, the multi-step ASLR automatic bypass verification framework is designed and explained, and the key processes in the verification method are clarified. Second, a method for processing leaked information based on feature matching is proposed; it receives and filters the data obtained during the information leak and further processes it according to the leak target to obtain key address information. Finally, the automatic bypass verification method is designed and implemented, with its key modules built under the guidance of the two methods above. Experimental data show that this automatic verification method can generate executable scripts that bypass the ASLR mechanism and exploit vulnerabilities in CTF binary programs.
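As an added illustration of the feature-matching step in (3), written for this page rather than taken from the thesis or its tooling: the scanner below finds pointer-like 64-bit values in captured program output and checks whether a candidate leak is consistent with an assumed symbol offset. The address ranges in `REGIONS` and the sample output are assumptions constructed for the example (Linux x86-64 with ASLR enabled).

```python
import struct

# Constructed sample of bytes captured from a program's stdout during testing:
# plain text mixed with two little-endian 64-bit values that look like pointers.
SAMPLE_OUTPUT = (
    b"name: " + struct.pack("<Q", 0x00007F3A1C2D4E10)
    + b"\nid=42\n" + struct.pack("<Q", 0x00005599AA001234) + b"\n"
)

# Assumed feature rules: ranges a user-space pointer usually falls in on Linux
# x86-64 with ASLR enabled. Heuristics, not guarantees; adjust per platform.
REGIONS = (
    ("pie_image", 0x0000550000000000, 0x0000570000000000),
    ("library", 0x00007F0000000000, 0x00007FFC00000000),
    ("stack", 0x00007FFC00000000, 0x0000800000000000),
)


def classify(value):
    """Return the name of the region a value falls in, or None."""
    for name, lo, hi in REGIONS:
        if lo <= value < hi:
            return name
    return None


def find_leaked_pointers(data):
    """Return (offset, value, region) for 8-byte windows that look like pointers."""
    # Every byte offset is tried: a leaked value is rarely aligned in the stream.
    hits = []
    i = 0
    while i + 8 <= len(data):
        value = struct.unpack_from("<Q", data, i)[0]
        region = classify(value)
        if region:
            hits.append((i, value, region))
            i += 8  # skip the rest of this window so it is not matched twice
        else:
            i += 1
    return hits


def implied_base(leaked, symbol_offset):
    """Base implied by a leaked symbol address and its known offset; None if the
    result is not page-aligned (leak inconsistent with the assumed target)."""
    base = leaked - symbol_offset
    return base if base & 0xFFF == 0 else None
```

Running `find_leaked_pointers` over a test harness's captured output is a quick way to flag outputs that disclose randomized addresses before a program ships.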
Keywords/Search Tags: Information Leakage, ASLR Bypass, Primitive Combination, Automatic Vulnerability Verification