Chinese Journal of Network and Information Security, 2022, Vol. 8, Issue 6: 135-145. doi: 10.11959/j.issn.2096-109x.2022086
Yuning CHI, Yunfei GUO, Yawen WANG, Hongchao HU
Revised: 2021-12-28; Online: 2022-12-15; Published: 2023-01-16
Yuning CHI, Yunfei GUO, Yawen WANG, Hongchao HU. Software diversity evaluation method based on the properties of ROP/JOP gadgets[J]. Chinese Journal of Network and Information Security, 2022, 8(6): 135-145.
| Gadget type | Description | Form | Example |
|---|---|---|---|
| Move register (MR) | copy the value of register a into register b | mov reg1, reg2 | mov rax, edx |
| Load register (LR) | load a value into a register | pop reg | pop r15 |
| Load memory (LM) | load a value stored in memory into a register | mov reg1,[reg2] | mov eax,[rax] |
| Store memory (SM) | store a register value into memory | mov[reg1], reg2 | mov[rax], esi |
| Arithmetic operation (AM) | arithmetic between two registers, or combined with a load/store | add reg1, reg2 | add ebx, rsi |
| | | add[reg1], reg2 | add[rcx], al |
| | | add reg, const | add eax, 0x208d8e |
| Stack operation (SP) | set the stack pointer | xchg rsp, reg | xchg rsp, rax |
| Jump operation (JMP) | set the instruction pointer | jmp reg | jmp qword ptr[rsi+0x41] |
| Function call (CALL) | jump to a function through a register | call reg | call qword ptr[rsi+0x20] |
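As an added example (not code from the paper), a small Python classifier that assigns the gadget types of the table above to gadgets given as text, so that the type distribution of a binary variant can be counted. The register, memory and constant patterns, and the extra arithmetic mnemonics accepted for AM, are my own assumptions.

```python
import re
from collections import Counter

# Gadget types from the paper's table (MR, LR, LM, SM, AM, SP, JMP, CALL), x86-64 Intel syntax.
# The register/memory/constant patterns are my own simplifications, not the paper's.
REG = r"(?:r\d{1,2}[bwd]?|[er]?(?:[abcd]x|[sd]i|[sb]p)|[abcd][lh]|[sd]il|[sb]pl)"
MEM = r"(?:[a-z]+\s+ptr\s*)?\[[^\]]+\]"
CONST = r"-?(?:0x[0-9a-f]+|\d+)"

# (type, mnemonic pattern, operand-shape pattern), checked in order; SP comes first so that
# "xchg rsp, reg" is not taken for a plain register exchange. Assumption: sub/xor/and/or count as AM.
RULES = [
    ("SP",   r"xchg",               rf"rsp\s*,\s*{REG}|{REG}\s*,\s*rsp"),
    ("MR",   r"mov",                rf"{REG}\s*,\s*{REG}"),
    ("LR",   r"pop",                rf"{REG}"),
    ("LM",   r"mov",                rf"{REG}\s*,\s*{MEM}"),
    ("SM",   r"mov",                rf"{MEM}\s*,\s*{REG}"),
    ("AM",   r"add|sub|xor|and|or", rf"(?:{REG}|{MEM})\s*,\s*(?:{REG}|{MEM}|{CONST})"),
    ("JMP",  r"jmp",                rf"{REG}|{MEM}"),
    ("CALL", r"call",               rf"{REG}|{MEM}"),
]

def classify_insn(insn):
    """Return the table type of one instruction, or None if it matches no rule."""
    m = re.match(r"\s*([a-z]+)\s*(.*?)\s*$", insn.lower())
    if not m:
        return None
    mnemonic, operands = m.groups()
    for gtype, mn_pat, op_pat in RULES:
        if re.fullmatch(mn_pat, mnemonic) and re.fullmatch(op_pat, operands):
            return gtype
    return None

def classify_gadget(gadget):
    """Classify a ';'-separated gadget by its first rule-matching instruction ('ret' is only the terminator)."""
    for insn in gadget.split(";"):
        gtype = classify_insn(insn)
        if gtype:
            return gtype
    return "OTHER"

def type_distribution(gadgets):
    """Count how many gadgets of each type a variant's gadget list contains."""
    return Counter(classify_gadget(g) for g in gadgets)

# Constructed sample gadget strings (not from the paper), in the mnemonic forms of the table.
SAMPLE = ["mov rax, edx ; ret", "pop r15 ; ret", "mov eax,[rax] ; ret", "mov[rax], esi ; ret",
          "add[rcx], al ; ret", "add eax, 0x208d8e ; ret", "xchg rsp, rax ; ret",
          "jmp qword ptr[rsi+0x41]", "call qword ptr[rsi+0x20]", "ret"]
```

Running `type_distribution` over the gadget lists of an original binary and of each variant gives the per-type counts that a similarity or damage-rate comparison between variants starts from.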
| Variant generation technique | Gadget similarity (ROP) | Gadget similarity (JOP) | Gadget damage rate (ROP) | Gadget damage rate (JOP) | Gadget collection efficiency (ROP, gadgets/s) | Gadget collection efficiency (JOP, gadgets/s) |
|---|---|---|---|---|---|---|
| CFF | 6.73% | 6.66% | 34% | 28% | 35.9 | 46.7 |
| NI | 4.56% | 5.23% | 31% | 26% | 22.5 | 26.7 |
| FCF | 7.63% | 8.56% | 23% | 20% | 51.2 | 50.4 |
| GVS | 7.69% | 8.50% | 28% | 18% | 52.8 | 50.0 |
| IR | 7.75% | 8.69% | 25% | 19% | 51.4 | 52.5 |
| FR | 7.38% | 8.51% | 23% | 21% | 54.0 | 53.7 |
| RS | 7.91% | 9.02% | 14% | 10% | 54.1 | 50.4 |
| FS | 7.96% | 8.71% | 18% | 11% | 50.4 | 50.5 |
| ESH | 7.82% | 8.79% | 21% | 12% | 51.0 | 52.5 |
| Normal | — | — | 4% | 3% | 62.6 | 43.8 |