Research And Improvement Of Runtime Randomization Defense Method Against Memory Information Leakage

Posted on: 2018-12-06  Degree: Master  Type: Thesis
Country: China  Candidate: X Lei  Full Text: PDF
GTID: 2348330512498171  Subject: Computer Science and Technology
Abstract/Summary:
Runtime randomization is a defense against code reuse attacks that rely on memory information leakage. It makes the memory layout elusive to the attacker and thus makes a code reuse attack harder to mount. The existing method, TASR, treats the appearance of a write/read operation pair as the trigger condition for the randomization procedure. However, this trigger criterion is loose, so writes that carry no risk lead to unnecessary randomization, which introduces extra performance overhead. The performance degradation is more significant for I/O-intensive programs. In this thesis, the runtime randomization defense against memory information leakage is revisited and the trigger condition is refined. With fewer randomizations, the defense runs with equal security and less overhead. The main work is as follows:

(1) Different types of memory layout information leakage and randomization-based defenses are reviewed, especially the online overhead of the existing runtime randomization method and its unnecessary randomization triggers. The trigger condition of TASR is as follows: when a read is followed by one or more writes, randomization is performed. With this criterion, benign writes also trigger randomization.

(2) To refine the trigger condition, the concept of a secure sensitive region (SSR) is defined. Writes trigger randomization only when they target an SSR. In addition, methods for analyzing and extracting SSRs, as well as a run-time check method, are proposed. An SSR is an area that is critical for an attacker trying to recover the program's memory layout, so write operations on these areas are risky. Whether the region accessed by a write operation intersects an SSR is the key to differentiating safe operations from risky ones.

(3) SSRs are determined by checking the segment table and section table of the object file and by adding hooks to the system calls related to load/unload operations. Input/output operations are then monitored to decide whether to trigger randomization. A prototype defense incorporating all of the methods above is implemented.

Theoretical analysis proves that the new method can be as secure as TASR. Experimental results on Nginx show that the improved method significantly reduces the overhead of the original method on I/O-intensive programs.
Keywords/Search Tags:Run-time Randomization, Code Reuse Attack, Return-Oriented Programming, Memory Information Leakage, Software security
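
The SSR intersection check from item (2) and the load/unload bookkeeping from item (3), sketched as an added example that is not code from the thesis. The table layout, function names and addresses are assumptions made for illustration; deriving SSRs from segment and section tables is not reproduced here.

```c
#include <stdint.h>
#include <stdio.h>

/* Half-open address range [start, end). */
typedef struct { uint64_t start, end; } region_t;

#define SSR_MAX 16
static region_t ssr[SSR_MAX];   /* hypothetical SSR table */
static size_t ssr_len;

/* Load hook: record a region as security sensitive. Returns 0 on success. */
int ssr_add(uint64_t start, uint64_t len) {
    if (len == 0 || ssr_len == SSR_MAX || start > UINT64_MAX - len) return -1;
    ssr[ssr_len++] = (region_t){ start, start + len };
    return 0;
}

/* Unload hook: forget the region that begins at start. */
void ssr_remove(uint64_t start) {
    for (size_t i = 0; i < ssr_len; i++)
        if (ssr[i].start == start) { ssr[i] = ssr[--ssr_len]; return; }
}

/* 1 if the buffer [buf, buf+len) handed to a write intersects any SSR. */
int write_is_risky(uint64_t buf, uint64_t len) {
    if (len == 0) return 0;
    /* Clamp instead of wrapping when buf + len would overflow. */
    uint64_t end = buf > UINT64_MAX - len ? UINT64_MAX : buf + len;
    for (size_t i = 0; i < ssr_len; i++)
        if (buf < ssr[i].end && ssr[i].start < end) return 1;
    return 0;
}

/* Count the writes in a trace that would still trigger randomization. */
size_t count_risky(const region_t *w, size_t n) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += (size_t)write_is_risky(w[i].start, w[i].end - w[i].start);
    return hits;
}

int main(void) {
    /* Constructed addresses, not taken from the thesis. */
    ssr_add(0x7f0000001000, 0x2000);          /* assumed sensitive region */
    const region_t writes[] = {
        { 0x555500000000, 0x555500000400 },   /* ordinary buffer: benign */
        { 0x7f0000002ff0, 0x7f0000003010 },   /* straddles the SSR end */
        { 0x7f0000003000, 0x7f0000003100 },   /* adjacent, no overlap */
    };
    printf("risky writes: %zu of 3\n", count_risky(writes, 3));
}
```

Under the loose criterion all three constructed writes would count; with the SSR check only the one that straddles the region does.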