Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Global offset table protection method based on address randomness and segment isolation

An offset table and address technology, which is applied in computer security devices, platform integrity maintenance, instruments, etc., can solve the problems of time-consuming function analysis and analysis waste, etc.

Active Publication Date: 2015-11-25
THE PLA INFORMATION ENG UNIV +1
View PDF3 Cites 12 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the function parsing work is time-consuming. Parsing all library functions during loading will delay the startup process of the program, and many library functions may not be executed at all, and their parsing is also a waste, so this method is not available in GCC. Enabled by default in the compiler

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Global offset table protection method based on address randomness and segment isolation
  • Global offset table protection method based on address randomness and segment isolation
  • Global offset table protection method based on address randomness and segment isolation

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0027] Embodiment one, see figure 1 As shown, the global offset table protection method based on random address and segment isolation includes the following steps:

[0028] Step 1. After the ELF program is loaded, randomly apply for memory space, copy the content of the ELF segment to the memory space, assign a new segment name, and define the loading field PT_DYNAMIC in the ELF program header to describe .dynamic section information;

[0029] Step 2. Create a segment descriptor for the memory space randomly applied for in step 1, select a free segment register as a special segment register, and load the segment descriptor into the special segment register;

[0030] Step 3. Modify the program table header and the section content of the new section name in step 1 to make it meet the pointing relationship of the section in ELF, and modify the code in the .plt section to make it access GOT through a special section register surface;

[0031] Step 4. Initialize the dynamic link...

Embodiment 2

[0033] Embodiment two, see Figure 2~4 As shown, it is basically the same as Embodiment 1, the difference is that in the step 1, randomly applying for a memory space and copying the content of the ELF segment to the memory space specifically includes randomly applying for at least three pages of memory space on demand, including Readable and executable pages, readable-only pages, and readable and writable pages, among them, .plt is copied to the readable and executable pages, which is recorded as .new.plt; .rel.plt is copied to the read-only pages, recorded as .new.rel.plt; .dynamic and .got.plt are copied to readable and writable pages, and are recorded as .new.dynamic and .new.got.plt respectively. The three-page memory space can be any in the address space Three pages of unused memory.

[0034] Preferably, in step 1, the content of the ELF section is copied into the memory space, and the new section name given specifically includes: copying the contents of the .plt, .rel.p...

Embodiment 3

[0041] Embodiment three, in combination with specific embodiments, the technical solution of the present invention is further introduced, and the specific implementation process is as follows:

[0042] The ELF program header table contains a section of type PT_DYNAMIC, which contains the .dynamic section. By parsing the .dynamic section, the starting offset of the .plt.got, .rel.plt section, and .rel.plt section can be obtained size, the type of relocation items in .rel.plt; according to the obtained information about the .rel.plt section, you can know the number of library functions referenced by the program:

[0043] libfun_num=size(.rel.plt) / sizeof(Type_Rel)

[0044] Among them, Type_Rel is determined as Elf32_Rel or Elf32_Rela according to the type of the relocation table. The definitions of these two types are as follows Figure 8 shown.

[0045] According to the number of library functions, the size of .got.plt is calculated, size(.got.plt)=libfun_num*4+12, the library...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a global offset table protection method based on address randomness and segment isolation. The global offset table protection method comprises the steps that an ELF program is loaded, a memory space is randomly applied, ELF segment content is copied and given a new segment name, and a field PT_DYNAMIC is loaded; a segment descriptor is established for the memory space, an idle segment register is selected, and the segment descriptor is loaded into the segment register; the header of the program and the segment content in the memory space are modified, and codes in a .plt segment are modified; a dynamic linker is initialized, the segment content of the header of the program is modified, and an address where a .dynamic segment is located is hidden. According to the global offset table protection method, randomization processing is added, the address of a GOT is obtained by disassembling the codes, the address of the GOT cannot be worked out under the situation that the segment base address of the segment register is not known, the malicious code hijack attack carried out on the original fixed address of the GOT fails, and the malicious attack through the method of trying to read the fixed memory address and working out the address of the GOT fails.

Description

technical field [0001] The invention relates to the technical field of computer executable file security, in particular to a global offset table protection method based on address randomness and segment isolation. Background technique [0002] In a dynamically linked ELF program, the referenced external symbols are divided into two categories, one is the reference to foreign global data (such as global variables), and the other is the call of foreign global functions; the locations of references and calls are distributed throughout the in the executable program. In order to facilitate management, two sections .got and .got.plt are defined in the executable file of ELF format, which are called the global offset table GOT (GlobalOffsetTable), which is specially used to centrally store the global symbols and functions referenced by the executable program Wherein, the destination address of the global data symbol is recorded in the .got section, and the destination address of t...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/56
CPCG06F21/566
Inventor 林键郭玉东周少皇何红旗董卫宇王立新蔄羽佳
Owner THE PLA INFORMATION ENG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com