A lightweight protection mechanism for preventing exploitation through abusing dynamic function resolving
Master's === National Chung Cheng University === Graduate Institute of Computer Science and Information Engineering === 107 === In the arms race between protection and exploitation on leveraging memory corruption, the return-to-dl-resolve exploit provides attackers another way to invoke arbitrary library functions. This exploitation later has evolved into a powerful exploitation because of R...
Main Authors: | , |
---|---|
Other Authors: | |
Format: | Others |
Language: | en_US |
Published: | 2019 |
Online Access: | http://ndltd.ncl.edu.tw/handle/22pk2s |
id |
ndltd-TW-107CCU00392048 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-TW-107CCU003920482019-11-01T05:28:38Z http://ndltd.ncl.edu.tw/handle/22pk2s A lightweight protection mechanism for preventing exploitation through abusing dynamic function resolving CHANG, YU-TUNG 張宇彤 Master's National Chung Cheng University Graduate Institute of Computer Science and Information Engineering 107 LIN, PO-CHING 林柏青 2019 degree thesis ; thesis 35 en_US |
collection |
NDLTD |
language |
en_US |
format |
Others |
sources |
NDLTD |
description |
Master's === National Chung Cheng University === Graduate Institute of Computer Science and Information Engineering === 107 === In the arms race between protection and exploitation on leveraging memory corruption, the return-to-dl-resolve exploit provides attackers another way to invoke arbitrary library functions. This exploitation later evolved into a powerful exploitation because of Return Oriented Programming (ROP). Recently, the return-to-dl-resolve exploit can even bypass common protections such as Address Space Layout Randomization (ASLR) and RELocation Read Only (RELRO). There are two problems: indexing out-of-bounds relocation entries and accessible linking information structures. Recent mitigation strategies are based on compiler assistance or eager binding. These compiler-based mitigation strategies focus on protecting single binaries because the dynamic linker may not be secure enough. In this work, we present a lightweight protection mechanism against abusing dynamic function resolving. Our solution sets up boundary checking and hides the linking information structures to prevent the dynamic linker from resolving functions with fake structures. Compared with eager binding, our solution is more flexible on the binding issue, both for partial RELRO and full RELRO. This solution features quick deployment and modularity support through hardening the dynamic linker, and the performance overhead is negligible. |
author2 |
LIN, PO-CHING |
author_facet |
LIN, PO-CHING CHANG, YU-TUNG 張宇彤 |
author |
CHANG, YU-TUNG 張宇彤 |
title |
A lightweight protection mechanism for preventing exploitation through abusing dynamic function resolving |
publishDate |
2019 |
url |
http://ndltd.ncl.edu.tw/handle/22pk2s |