基于地址随机和段隔离的全局偏移表保护方法

doi:10.11772/j.issn.1001-9081.2016.07.1852

计算机应用 ›› 2016, Vol. 36 ›› Issue (7): 1852-1855.DOI: 10.11772/j.issn.1001-9081.2016.07.1852

基于地址随机和段隔离的全局偏移表保护方法

林键^1,2, 郭玉东^1,2, 周少皇^1,2

1. 信息工程大学, 郑州 450001;
2. 数学工程与先进计算国家重点实验室(信息工程大学), 郑州 450001

收稿日期:2015-12-02 修回日期:2016-03-03 发布日期:2016-07-14 出版日期:2016-07-10
通讯作者: 林键
作者简介:林键(1989-),男,四川内江人,硕士研究生,主要研究方向:信息安全;郭玉东(1964-),男,河南太康人,教授,硕士,主要研究方向:操作系统、虚拟化;周少皇(1990-),男,河南郑州人,硕士研究生,主要研究方向:信息安全。

Protection method for global offset table based on address randomization and segment isolation

LIN Jian^1,2, GUO Yudong^1,2, ZHOU Shaohuang^1,2

1. Information Engineering University, Zhengzhou Henan 450001, China;
2. State Key Laboratory of Mathematical Engineering and Advanced Computing (Information Engineering University), Zhengzhou Henan 450001, China

Received:2015-12-02 Revised:2016-03-03 Online:2016-07-14 Published:2016-07-10

摘要/Abstract

摘要： 在可执行和可链接格式（ELF）的可执行程序中，存在一个全局偏移表（GOT），用于存放引用库函数的绝对地址，但是在Linux系统中，GOT解引用和GOT覆写是两种比较常用的漏洞利用方法。通过分析GOT的特性，提出并实现了基于地址随机和段隔离的GOT保护方法。通过修改Linux的可执行程序加载器，将与GOT有数据指向关系的节均加载到随机内存地址；同时使用段隔离技术，对GOT的代码引用的指令使用一个新的段寄存器进行间接引用。实验结果证明，该方法不仅能够有效地防御针对GOT的漏洞利用方法，而且性能损耗极低，只有平均2.9 ms的额外开销。

关键词: 全局偏移表保护, 地址随机, 段隔离, 全局偏移表解引用, 全局偏移表覆写

Abstract: In an Executable and Linkable Format (ELF) executable program, Global Offset Table (GOT) was used to store the absolute addresses of library functions. But in Linux operation system, GOT dereference and GOT overwrite are two common vulnerability exploit methods. Through analyzing the GOT feature, a protection method for GOT based on address randomization and segment isolation was proposed and implemented. With modifying the ELF loader program, all sections which pointed to the GOT were loaded into random memory addresses. Using segment isolation technology, all instructions with reference to GOT used a new segment register. The experimental results prove that the proposed method can not only defense against the exploit method of GOT effectively, but also has a very low cost of average 2.9 milliseconds.

Key words: Global Offset Table (GOT) protection, address randomization, segment isolation, GOT dereference, GOT overwrite

中图分类号:

TP309.2

林键, 郭玉东, 周少皇. 基于地址随机和段隔离的全局偏移表保护方法[J]. 计算机应用, 2016, 36(7): 1852-1855.

LIN Jian, GUO Yudong, ZHOU Shaohuang. Protection method for global offset table based on address randomization and segment isolation[J]. Journal of Computer Applications, 2016, 36(7): 1852-1855.

参考文献

[1] TEAM PAX. PaX address space layout randomization[EB/OL].[2003-03-15]. https://pax.grsecurity.net/docs/aslr.txt.
[2] Wikipedia. Data execution prevention[EB/OL].[2015-03-12]. https://en.wikipedia.org/wiki/Data_Execution_Prevention.
[3] MARCO-GISBERT H, RIPOLL I. On the effectiveness of full-ASLR on 64-bit Linux[EB/OL].[2015-11-20]. http://cybersecurity.upv.es/attacks/offset2lib/offset2lib-paper.pdf.
[4] ROGLIA G F, MARTIGNONI L, PALEARI R, et al. Surgically returning to randomized lib(c)[C]//ACSAC'09:Proceedings of the 2009 Annual Computer Security Applications Conference. Piscataway, NJ:IEEE, 2009:60-69.
[5] Open Security Group. How to hijack the global offset table with pointers for root shells[EB/OL].[2015-04-04]. http://www.open-security.org/texts/6.
[6] DAVI L, SADEGHI A R, LEHMANN D, et al. Stitching the gadgets:on the ineffectiveness of coarse-grained control-flow integrity protection[C]//SEC'14:Proceedings of the 23rd USENIX Security Symposium. Berkeley, CA:USENIX Association, 2014:401-416.
[7] KLEIN T. A Bug Hunter's Diary:a Guided Tour Through the Wilds of Software Security[M]. San Francisco:No Starch Press, 2011:183-185.
[8] KLEIN T. RELRO-A (not so well known) memory corruption mitigation technique[EB/OL].[2015-02-21]. http://tk-blog.blogspot.jp/2009/02/relro-not-so-well-known-memory.html.
[9] ZHANG C, DUAN L, WEI T, et al. SecGOT:secure global offset tables in ELF executables[C]//Proceedings of the 2013 International Conference on Computer Science and Electronics Engineering. Amsterdam:Atlantis Press, 2013:995-998.
[10] XU J, KALBARCZYK Z, IYER R K. Transparent runtime randomization for security[C]//Proceedings of the 22nd International Symposium on Reliable Distributed Systems. Piscataway, NJ:IEEE, 2003:260-269.
[11] Tool Interface Standards Committee. Executable and Linkable Format (ELF)[EB/OL].[2015-04-01]. http://www.cs.cmu.edu/afs/cs/academic/class/15213-f00/docs/elf.pdf.
[12] ARGYROUDIS P, GLYNOS D. Protecting the core:kernel exploitation mitigations[EB/OL].[2015-05-17]. http://census.gr/media/bheu-2011-wp.pdf.
[13] CVE Details. Vulnerability details:CVE-2013-2028[EB/OL].[2013-07-19]. http://www.cvedetails.com/cve/2013-2028.
[14] MACMANUS G, HAL, SAELO. Nginx HTTP Server 1.3.9-1.4.0 chunked encoding stack buffer overflow[EB/OL].[2015-10-24]. http://www.rapid7.com/db/modules/exploit/linux/http/nginx_chunked_size.
[15] ROEMER R, BUCHANAN E, SHACHAM H, et al. Return-oriented programming:systems, languages, and applications[J]. ACM Transactions on Information and System Security, 2012, 15(1):Article No. 2.
[16] HENNING J L. SPEC CPU2006 benchmark descriptions[J]. ACM SIGARCH Computer Architecture News, 2006, 34(4):1-17.

基于地址随机和段隔离的全局偏移表保护方法

Protection method for global offset table based on address randomization and segment isolation

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	佘维马天祥冯海格田钊刘炜. 基于合约调用掩盖下的区块链隐蔽通信方法[J]. 《计算机应用》唯一官方网站, 0, (): 0-0.
[2]	赵振皓, 张仕斌, 万武南, 张金全, 秦智. 基于信誉值和强盲签名算法的委托权益证明共识算法[J]. 《计算机应用》唯一官方网站, 2024, 44(12): 3717-3722.
[3]	张宏扬张淑芬谷铮. 面向个性化与公平性的联邦学习算法fedPF[J]. 《计算机应用》唯一官方网站, 0, (): 0-0.
[4]	彭海洋计卫星刘法旺. 基于区块链的自动驾驶仿真测试数据存证模型[J]. 《计算机应用》唯一官方网站, 0, (): 0-0.
[5]	颜新月, 杨淑群, 高永彬. 基于证据增强与多特征融合的文档级关系抽取[J]. 《计算机应用》唯一官方网站, 2024, 44(11): 3379-3385.
[6]	陈学斌, 屈昌盛. 面向联邦学习的后门攻击与防御综述[J]. 《计算机应用》唯一官方网站, 2024, 44(11): 3459-3469.
[7]	林翔, 金彪, 尤玮婧, 姚志强, 熊金波. 基于脆弱指纹的深度神经网络模型完整性验证框架[J]. 《计算机应用》唯一官方网站, 2024, 44(11): 3479-3486.
[8]	张帅华, 张淑芬, 周明川, 徐超, 陈学斌. 基于半监督联邦学习的恶意流量检测模型[J]. 《计算机应用》唯一官方网站, 2024, 44(11): 3487-3494.
[9]	杜晓玉, 刘帅起, 韩志杰, 霍振祥, 王玉璟. 以患者为中心基于IPFS和区块链的医疗信息共享方案[J]. 《计算机应用》唯一官方网站, 2024, 44(10): 3122-3133.
[10]	张欢, 王静宇, 刘立新, 姜晓宇. 双重授权的多组织协同数据共享方案[J]. 《计算机应用》唯一官方网站, 2024, 44(10): 3307-3314.
[11]	陈学斌, 单丽洋, 郭如敏. 基于差分隐私的直方图发布方法综述[J]. 《计算机应用》唯一官方网站, 2024, 44(10): 3114-3121.
[12]	李道全徐正陈思慧刘嘉宇. 融合变分自编码器与自适应增强卷积神经网络的网络流量分类模型[J]. 《计算机应用》唯一官方网站, 0, (): 0-0.
[13]	马海峰蔡杰伟薛庆水杨家海韩静卢子譞. 基于格的后量子无证书公共审计方案[J]. 《计算机应用》唯一官方网站, 0, (): 0-0.
[14]	王利娥林彩怡李永东傅星珵李先贤. 基于区块链的数字内容版权保护和公平追踪方案[J]. 《计算机应用》唯一官方网站, 0, (): 0-0.
[15]	任志强陈学斌. 基于历史模型更新的自适应防御机制FedAud[J]. 《计算机应用》唯一官方网站, 0, (): 0-0.