Visible to the public An Approach of Code Pointer Hiding Based on a Resilient Area

TitleAn Approach of Code Pointer Hiding Based on a Resilient Area
Publication TypeConference Paper
Year of Publication2019
AuthorsXuewei, Feng, Dongxia, Wang, Zhechao, Lin
Conference Name2019 Seventh International Conference on Advanced Cloud and Big Data (CBD)
Keywordsattack scenario, code pointer hiding, code randomization, code reuse, code reuse attack, composability, compositionality, Diversity methods, flow graphs, Human Behavior, human factors, Information Reuse and Security, information system security, Information systems, Layout, memory disclosure vulnerability, Payloads, pointer hiding, pubcrawl, resilience, Resiliency, resilient area, rop attacks, Scalability, security, security of data, Software, source code (software)

Code reuse attacks can bypass the DEP mechanism effectively. Meanwhile, because of the stealthy of the operation, it becomes one of the most intractable threats while securing the information system. Although the security solutions of code randomization and diversity can mitigate the threat at a certain extent, attackers can bypass these solutions due to the high cost and coarsely granularity, and the memory disclosure vulnerability is another magic weapon which can be used by attackers to bypass these solutions. After analyzing the principle of memory disclosure vulnerability, we propose a novel code pointer hiding method based on a resilient area. We expatiate how to create the resilient area and achieve code pointer hiding from four aspects, namely hiding return addresses in data pages, hiding function pointers in data pages, hiding target pointers of instruction JUMP in code pages, and hiding target pointers of instruction CALL in code pages. This method can stop attackers from reading and analyzing pages in memory, which is a critical stage in finding and creating ROP chains while executing a code reuse attack. Lastly, we test the method contrastively, and the results show that the method is feasible and effective while defending against ROP attacks.

Citation Keyxuewei_approach_2019