
Defence Against JIT-ROP Based On Dynamic Randomization And Executable Only Memory

Posted on: 2017-02-22
Degree: Master
Type: Thesis
Country: China
Candidate: Y Hou
GTID: 2308330485468083
Subject: Computer Science and Technology
Abstract/Summary:
Computer software technology has greatly advanced the informatization of society, and the increasingly rich software ecosystem has brought great convenience to both production and daily life. However, software can contain design flaws and vulnerabilities that an attacker can exploit to perform arbitrary malicious behavior, so the software itself can also be a threat to the security of personal and corporate information. As a result, information security, and software security in particular, has become more and more important as the software ecosystem grows.

JIT-ROP, a more advanced code reuse attack, has been a hot topic in academia in recent years. In this paper we first analyze the principle, characteristics and limitations of ROP attacks, and then we propose and implement a defense mechanism called Chameleon. The Chameleon defense mechanism combines Instruction-Fetch (?) Memory-Access with Dynamic Address Space Randomization. By either preventing an attacker from directly reading code pages from the process's address space through memory disclosure, or invalidating the historical information about the process's address space layout before the attacker can put it to use, Chameleon can effectively defeat the JIT-ROP attack. In addition, Chameleon can coexist with other existing defense mechanisms, such as W⊕X and ASLR, and it can also be enforced using a "CFI-like" defense mechanism without introducing additional performance loss.

Our theoretical analysis and experiments show that Chameleon can successfully defeat code reuse attacks represented by JIT-ROP. The experimental results show that Chameleon introduces only an acceptable performance overhead of between 14.3% and 18.6% on average. Moreover, Chameleon was implemented with static binary instrumentation and a customized Linux kernel, and it does not require source code or specific hardware support, so it has better deployability and portability.
Keywords/Search Tags:Dynamic Randomization, Static Instrument, Code Reuse Attack, JIT-ROP, Software Security