Fu J., Key Laboratory of Aerospace Information Security and Trusted Computing of the Ministry of Education |
Fu J., Wuhan University |
Lin Y., Key Laboratory of Aerospace Information Security and Trusted Computing of the Ministry of Education |
Lin Y., Wuhan University |
And 2 more authors.
Proceedings - 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016 | Year: 2016
Address space randomization is an attractive way to counter code-reuse attacks. However, traditional Address Space Layout Randomization (ASLR) randomizes only the base address of a binary; the relative addresses within it do not change. Attackers who exploit an information leak can therefore still use the fixed relative addresses to construct the gadgets needed for a code-reuse attack. Although many fine-grained randomization approaches have been proposed recently, most of them rely on additional information, such as source code or a symbol table. To overcome these limitations, we propose a function-level randomization approach, called Bin-FR, which uses binary rewriting to randomly permute functions and insert NOP instructions between them, without requiring a symbol table. Bin-FR is a fine-grained randomization approach that makes it harder for attackers to predict the address space layout of running binaries. We have implemented Bin-FR on top of the disassembly tool Capstone, on the x86_64 64-bit version of Kali. Experimental results show that Bin-FR identifies functions accurately and counters code-reuse attacks effectively, and that its runtime overhead is negligible. © 2016 IEEE.