ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development, 2016, Vol. 53, Issue (10): 2277-2287. doi: 10.7544/issn1000-1239.2016.20160423

Special Issue: 2016 Special Topic on Research Progress in Shared Cyberspace Security


A Code Reuse Attack Protection Technique Based on Code Anti-Leakage

Wang Ye, Li Qingbao, Zeng Guangyu, Chen Zhifeng   

  1. (PLA Information Engineering University, Zhengzhou 450001) (State Key Laboratory of Mathematical Engineering and Advanced Computing (PLA Information Engineering University), Zhengzhou 450001)
  • Online: 2016-10-01

Abstract: With address space layout randomization (ASLR) widely deployed in operating systems, traditional code reuse attacks have been suppressed. New code reuse attacks analyze a program's memory layout through information leaks to bypass ASLR, which poses a serious threat to program security. By analyzing the nature of traditional and new code reuse attacks, we propose VXnR, a code reuse attack protection technique based on code anti-leakage. In this method, we set Execute-no-Read (XnR) permission on the code pages of the target process so that code can be properly executed by the processor, while a read operation is controlled according to the content of the physical page being accessed. This prevents attackers from using an information disclosure vulnerability to maliciously read the process's code pages in search of gadgets, and defends against both traditional and new code reuse attacks. We have developed a prototype of VXnR and implemented it in the virtual machine monitor Bitvisor. We also evaluate the effectiveness and performance overhead of our approach through comprehensive experiments. The experimental results show that VXnR can effectively prevent attackers from exploiting the executable code of the target process to launch code reuse attacks, with less than 52.1% overhead.

Key words: address space layout randomization (ASLR), code reuse attack, program security, information leaks, virtualization
