Most software diversification methods require source codes and generate variant binaries based on the compilers used.However,when converting binary codes directly,reversing them correctly is difficult owing to insufficient debugging information,and high performance overheads can be generated easily.Hence,a fine-grained software diversification method for binary codes is proposed herein.Using static binary rewriting technology to reorder function blocks,randomizing the original position of functions in code snippets,and changing the position of a program's memory segment gadgets,attackers lose their prior knowledge regarding the program to defend against large-scale code reuse attacks.To further increase the difficulty of cracking by attackers,dependency analysis is performed on the instructions within the basic block,and the instructions within the basic block are randomized while maintaining the original semantics of the randomized basic block.Performance test results show that the effect of function reordering on the survival rate of gadgets is greater than that of instruction reordering within the basic block.When both are performed simultaneously,the average survival rate of gadgets in the program is 5.71%.Comparison based on the fuzzy hash algorithm Tlsh show that this method can effectively avoid homology detection.Test results obtained using the tool Bindiff show that the heterogeneity of instruction reordering within the basic block after diversification is greater than that of function reordering.Moreover,on the benchmark test set SPEC CPU2006,when both function reordering and instruction reordering are performed simultaneously,the average operating cost is only 3.1%,thus indicating good practicality.
国家科技期刊平台
NSTL
万方数据
维普
