Abstract:
Randomization is widely used in practice to protect programs from attacks, but existing randomization techniques have two limitations. First, they are coarse-grained, so they may fail to defend against attacks that maliciously fabricate an inner variable of a function, struct, or class. Second, they ignore the fact that the majority of attacks leverage input data to fabricate sensitive data objects. In this paper, a fine-grained randomization method is proposed to protect programs based on an enhanced safety structure. The method reorders the layout of encapsulated structures (functions, structs, classes). In addition, it extracts input-related arrays and separates them by inserting guards between them. The approach thus not only applies randomization within functions, structs, and classes to foil a number of attacks, but also extracts the input-related arrays and inserts guards to prevent them from being maliciously crafted. As an enhancement to existing randomization techniques, this method protects programs from both control-flow and non-control-flow attacks. The technique has been implemented in the open source compiler GCC, and experimental results show that it can effectively detect real-world attacks with low performance overhead.
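The following constructed example, which is not code from the paper or its GCC implementation, illustrates the two ideas in the abstract on a single struct: the original layout lets an overlong input into an input-related array overwrite a neighbouring sensitive field, while the reordered layout with a guard word after the array keeps the field out of reach and lets a check detect the overflow. The struct names, the guard value and the constructed input bytes are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed illustration of the abstract's two ideas: reorder a struct so the
 * sensitive field no longer follows the input-related array, and place a guard
 * word after that array. GUARD_VALUE and the struct names are assumptions. */
#define GUARD_VALUE 0xA5A5A5A5u

struct session_orig {          /* layout as a compiler would emit it */
    char name[16];             /* filled from untrusted input */
    int  is_admin;             /* sensitive decision variable, directly above */
};

struct session_hard {          /* reordered layout plus guard */
    int      is_admin;         /* moved out of the overflow path */
    char     name[16];
    uint32_t guard;            /* should still equal GUARD_VALUE after input */
};

/* Copy len constructed input bytes into the struct starting at the array's
 * offset. The copy is clipped to the struct object so the demonstration stays
 * inside it; byte access through a char pointer to the struct is well defined. */
static void copy_into(void *obj, size_t obj_size, size_t arr_off, size_t len) {
    unsigned char input[32];
    memset(input, 'A', sizeof input);          /* constructed input bytes */
    if (len > sizeof input) len = sizeof input;
    if (len > obj_size - arr_off) len = obj_size - arr_off;
    memcpy((unsigned char *)obj + arr_off, input, len);
}

/* Original layout: report whether is_admin changed after an input of len bytes. */
int orig_is_admin_after(size_t len) {
    struct session_orig s = {{0}, 0};
    copy_into(&s, sizeof s, offsetof(struct session_orig, name), len);
    return s.is_admin != 0;    /* 1 means the overlong input changed the flag */
}

/* Hardened layout: is_admin is unreachable from the array. */
int hard_is_admin_after(size_t len) {
    struct session_hard s = {0, {0}, GUARD_VALUE};
    copy_into(&s, sizeof s, offsetof(struct session_hard, name), len);
    return s.is_admin != 0;
}

/* Hardened layout: the guard check that detects an overlong input. */
int hard_guard_intact(size_t len) {
    struct session_hard s = {0, {0}, GUARD_VALUE};
    copy_into(&s, sizeof s, offsetof(struct session_hard, name), len);
    return s.guard == GUARD_VALUE;
}
```

With a 20-byte input the original layout reports a changed flag, whereas the hardened layout leaves the flag untouched and the guard check reports the corruption.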