基于ROP/JOP gadgets性质的软件多样化评估方法  

作　　者：迟宇宁 郭云飞[1] 王亚文 扈红超 CHI Yuning;GUO Yunfei;WANG Yawen;HU Hongchao(Information Engineering University,Zhengzhou 450001,China)

机构地区：[1]信息工程大学,河南郑州450001

出　　处：《网络与信息安全学报》2022年第6期135-145,共11页Chinese Journal of Network and Information Security

基　　金：国家重点研发计划(2021YFB1006200,2021YFB1006201);国家自然科学基金(62072467)。

摘　　要：为应对信息化生活中的网络攻击及威胁,降低网络系统中同质化攻击快速蔓延的风险,增强网络和软件的安全性,软件多样化技术被应用到系统中。软件多样化旨在生成功能等价但内部发生变化的程序变体,从而改变单一的运行环境,缓解同质化攻击。现有的多样化技术的评估指标ROP(return-oriented programming)gadgets幸存率难以直接体现安全性影响且评估方法单一,为了更加全面有效地评估软件多样化方法的有效性,提出基于ROP/JOP(jump-oriented programming)gadgets性质的软件多样化评估方法,通过分析常见的代码重用攻击,将抽象的量化转为具象的指标,从空间、时间及质量3个方面评估多样化方法的安全增益及效果。该方法根据gadgets的相似性、损坏度和可用性3个性质探讨软件多样化技术如何影响ROP/JOP攻击。用指令替换、NOP插入、控制流平坦等9种多样化方法对GNUcoreutils程序集进行多样化编译生成多样化程序集。对多样化程序集进行基于gadgets性质的实验,根据实验结果评估不同多样化方法的有效性及对攻击造成的影响。实验结果表明,该方法能够对软件多样化方法的安全增益进行准确评估,多样化技术会导致ROP/JOP攻击所需的攻击链空间增大,构造攻击链的时间变长且攻击成功率降低。不同的多样化方法产生的效果高低不一,对后续研究具有更高安全增益的多样化技术有指导作用。In order to reduce the risk of rapid spread of homogeneous attacks in network systems,and enhance network and software security,software diversification technologies are applied widely nowadays.Software diversification aims to generate functionally equivalent but internally changed program variants,thereby alter a single operating environment and mitigating homogenization attacks.The existing diversified technical evaluation index ROP gadgets survival rate is difficult to directly reflect the safety impact and the evaluation method is single.In order to evaluate the effectiveness of the diversification method more comprehensively and effectively,a software diversification evaluation method based on the properties of ROP/JOP gadgets is proposed,by analyzing common code reuse attacks,and turns abstract quantification into concrete indicators evaluates the security gain and effect of diversified methods from three aspects of space,time and quality.The method first discusses how diversification techniques affect ROP/JOP attacks according to the three properties of gadgets similarity,damage degree and availability.Nine kinds of diversification methods,such as instruction replacement,NOP insertion,and control flow flattening,are used to diversify the GNU coreutils assembly to generate diversification assembly.Experiments based on the property of gadgets are carried out on the diverse assemblies,and the effectiveness of different diversification methods and the impact on attacks are evaluated according to the experimental results.The experimental results show that this method can accurately evaluate the security gain of software diversification methods,the diversification technology will lead to the increase of the attack chain space required by the ROP/JOP attack,the longer time to construct the attack chain and the lower the attack success rate.The effects of different diversification methods are different,it has a guiding role for the follow-up research on diversified technologies with higher safety gains.

关 键 词：软件多样化 ROP/JOP攻击 gadgets性质 安全增益评估 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]