Software diversification method based on binary rewriting
Software diversity is an effective defense against code-reuse attacks, but most existing software diversification technologies are based on source code. Obtaining program source code may be difficult, while binary files are challenging to disassemble accurately and distinguish between code pointers a...
Main Authors: | Benwei HE, Yunfei GUO, Yawen WANG, Qingfeng WANG, Hongchao HU |
---|---|
Format: | Article |
Language: | English |
Published: | POSTS&TELECOM PRESS Co., LTD, 2023-04-01 |
Series: | 网络与信息安全学报 |
Subjects: | software diversity, binary rewriting, NOP insertion, code-reuse attack |
Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2023024 |
_version_ | 1841529719496900608 |
---|---|
author | Benwei HE, Yunfei GUO, Yawen WANG, Qingfeng WANG, Hongchao HU |
collection | DOAJ |
description | Software diversity is an effective defense against code-reuse attacks, but most existing software diversification technologies are based on source code. Obtaining program source code may be difficult, while binary files are challenging to disassemble accurately, and it is hard to distinguish code pointers from data constants in them. This makes it difficult for binary file diversification to generate high levels of randomization entropy and leaves it easily compromised by attackers. To overcome these challenges, a binary-file-oriented software diversification method, namely instruction offset randomization, was proposed based on static binary rewriting technology. This method inserted NOP instructions of varying byte lengths before program instructions with a certain probability, reducing the number of unintended gadgets in the program and randomly offsetting the original instruction addresses. This disrupts the program’s original memory layout and increases the cost of code-reuse attacks. At the same time, an optimization strategy based on hot code was designed for this method. The execution counts of basic blocks in binary files were obtained by dynamic instrumentation, so as to adjust the NOP instruction insertion probability in each basic block. The higher the execution frequency, the fewer NOP instructions were inserted into the basic block, which can ensure lower performance overhead and produce higher randomization entropy. In the experimental part, the SPEC benchmark program was used to test the optimized method in terms of performance overhead, gadget survival rate and file size. The results show that a 15% insertion probability achieves the best effect, with an average gadget survival rate of less than 1.49%, increasing attackers’ difficulty in reusing the same gadget attack chain. Furthermore, only a 4.1% operation overhead and 7.7% space overhead are added, maintaining high levels of security. |
format | Article |
id | doaj-art-8f9b27ffbf15439cb14bd544c16ce696 |
institution | Kabale University |
issn | 2096-109X |
language | English |
publishDate | 2023-04-01 |
publisher | POSTS&TELECOM PRESS Co., LTD |
record_format | Article |
series | 网络与信息安全学报 |
title | Software diversification method based on binary rewriting |
topic | software diversity, binary rewriting, NOP insertion, code-reuse attack |
url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2023024 |