ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2016, Vol. 53 ›› Issue (8): 1829-1849. doi: 10.7544/issn1000-1239.2016.20150526


Survey of Memory Address Leakage and Its Defense

Fu Jianming (1,2,3), Liu Xiuwen (1,2), Tang Yi (1,2), Li Pengwei (1,2)

  1. Key Laboratory of Aerospace Information Security and Trusted Computing (Wuhan University), Ministry of Education, Wuhan 430072
  2. School of Computer Science, Wuhan University, Wuhan 430072
  3. State Key Laboratory of Software Engineering (Wuhan University), Wuhan 430072

Online: 2016-08-01

Abstract: With memory address leakage, an attacker can bypass the ASLR (address space layout randomization) mechanism, deploy ROP (return-oriented programming) chains to disable DEP (data execution prevention), and divert the program to execute shellcode. With regard to memory address leakage, this paper gathers information on related vulnerability instances and presents a classification of the vulnerabilities that result in memory address leakage, based on the procedure of memory leakage. The paper analyzes all kinds of illegal pointer or object operations that cause out-of-bounds memory access, as well as side-channel information leakage. It also divides the defense methods against memory address leakage into four categories according to the procedure of memory corruption attacks: memory layout randomization, object border protection, object content protection, and critical address information randomization. These protections make the memory layout vague, memory objects unavailable, memory objects unreadable, and critical memory addresses untraceable. Finally, the paper points out that, from the perspective of program design, support is needed for memory layout randomization, fine-grained memory address randomization and object content protection, adapted to the operating system to establish a collaborative defense mechanism, in order to build a robust defense-in-depth system.

Key words: advanced persistent threat (APT), memory corruption, memory address leakage, address space layout randomization (ASLR), border protection
