A lightweight protection mechanism for preventing exploitation through abusing dynamic function resolving

Master's === National Chung Cheng University === Graduate Institute of Computer Science and Information Engineering === 107 === In the arms race between protection and exploitation of memory corruption, return-to-dl-resolve exploits give attackers another way to invoke arbitrary library functions. The technique later evolved into a powerful form of exploitation because of R...

Bibliographic Details
Main Authors: CHANG, YU-TUNG, 張宇彤
Other Authors: LIN, PO-CHING
Format: Others
Language: en_US
Published: 2019
Online Access: http://ndltd.ncl.edu.tw/handle/22pk2s
id ndltd-TW-107CCU00392048
record_format oai_dc
spelling ndltd-TW-107CCU00392048 2019-11-01T05:28:38Z http://ndltd.ncl.edu.tw/handle/22pk2s CHANG, YU-TUNG 張宇彤 LIN, PO-CHING 林柏青 2019 thesis 35 en_US
collection NDLTD
sources NDLTD
description Master's === National Chung Cheng University === Graduate Institute of Computer Science and Information Engineering === 107 === In the arms race between protection and exploitation of memory corruption, return-to-dl-resolve exploits give attackers another way to invoke arbitrary library functions. The technique later evolved into a powerful form of exploitation because of Return-Oriented Programming (ROP). Recently, return-to-dl-resolve exploits have even been able to bypass common protections such as Address Space Layout Randomization (ASLR) and RELocation Read-Only (RELRO). Two problems underlie this: relocation entries can be indexed out of bounds, and the linking information structures are accessible. Recent mitigation strategies are based on compiler assistance or eager binding. The compiler-based mitigation strategies focus on protecting single binaries because the dynamic linker may not be secure enough. In this work, we present a lightweight protection mechanism against abuse of dynamic function resolving. Our solution sets up boundary checking and hides the linking information structures to prevent the dynamic linker from resolving functions with fake structures. Compared with eager binding, our solution is more flexible on the binding issue, for both partial RELRO and full RELRO. The solution features quick deployment and modularity support through hardening the dynamic linker, and the performance overhead is negligible.