摘要: 通用平台目标二进制代码运行时控制流的提取主要依赖于处理器硬件特性,或其动态二进制插桩工具,该平台的控制流完整性验证方法无法直接移植到进阶精简指令集机器(ARM)架构中。为此,基于控制流完整性验证技术,设计一种用于ARM 架构,利用缓冲溢出漏洞检测控制流劫持攻击的方法。该方法在程序加载时、执行前动态构建合法跳转地址白名单,在目标二进制代码动态执行过程中完成控制流完整性验证,从而检测非法控制流
转移,并对非法跳转地址进行分析,实现漏洞的检测和诊断。在ARM-Linux 系统的动态二进制分析平台上实施测试,结果表明,该方法能够检测出漏洞,并精确定位攻击矢量。
关键词:
控制流完整性,
进阶精简指令集机器架构,
合法地址白名单,
动态二进制分析,
攻击矢量定位
Abstract: On common platform, the extraction of run-time control-flow to target binary code relies on either
processor’s mechanism or Dynamic Binary Instrumentation(DBI) tools. So,the implementation on common platform can not be transplanted to Advanced RISC Machine(ARM) directly. Based on Control Flow Integrity(CFI) enforcement,this paper designs a method to detect and diagnose control flow hijacking which is implemented by exploit a buffer overflow vulnerability on ARM. This method dynamically builds a white-list of legitimate branch target address before the target binary code execute,performs CFI enforcement to detect illegal control-flow transfer at run-time,analyzes the illegal branch target address to achieve exploit diagnosis. It implements the technique on a dynamic binary analysis platform for ARM-Linux systems. Results show that it can effectively detect the exploit and locates the attack vector.
Key words:
Control Flow Integrity(CFI),
Advanced RISC Machine(ARM) architecture,
legitimate address white-list,
dynamic binary analysis,
attack vector location
中图分类号: