A Control Flow Protection Method Based on Code Extraction
Code reuse attacks are one of the main threats to control flow security. Although address space layout randomization (ASLR) can mitigate them, it can be bypassed by code probes. Control flow integrity (CFI) methods offer better protection, but existing ones either rely on source code or track all control flow transfers throughout the life cycle of the target process. The former cannot protect closed-source objects, while the latter introduces significant runtime overhead. In response to these issues, this paper proposes a control flow protection method, MCE (Micro Code Extraction). MCE targets closed-source objects whose source code is unavailable. Unlike existing methods, MCE does not blindly track all control flow transfers. It detects code probes in real time and treats only the probed code as a protection target. MCE then extracts the code snippets with potential risk, further reducing the size of the protected object. Finally, all control flow transfers that jump into the risky code are tracked and checked. Experiments and analysis show that MCE protects effectively against code probes and code reuse attacks, and introduces only about 2% CPU overhead in general scenarios.
Keywords: code probes, code reuse attacks, control flow hijacking, code extraction, memory access control
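The following is an added toy model of the three-step policy the abstract describes (detect a code probe, extract only the probed snippet, check transfers into that snippet); it is illustrative code written for this page, not the MCE implementation, and it does not model MCE's actual probe-detection or extraction mechanism. The memory layout, the entry-point sets, the hypothetical SNIPPET_SIZE granularity, and the interpretation of "extraction" as narrowing the protected set to the probed snippet are all assumptions made here.

```python
"""Illustrative model of probe-triggered, snippet-scoped control flow checking.

Added example for this page; assumptions (not from the paper): a linear address
space, code regions with known entry points, and a fixed snippet granularity.
"""
from dataclasses import dataclass, field

SNIPPET_SIZE = 0x100  # assumed extraction granularity for this toy model


@dataclass(frozen=True)
class CodeRegion:
    start: int
    size: int
    entry_points: frozenset  # legitimate transfer targets (function entries) in this region

    def contains(self, addr: int) -> bool:
        return self.start <= addr < self.start + self.size


@dataclass
class Monitor:
    regions: list
    risky_snippets: set = field(default_factory=set)  # (start, end) of extracted snippets
    log: list = field(default_factory=list)

    def _region_of(self, addr: int):
        return next((r for r in self.regions if r.contains(addr)), None)

    def _in_risky_snippet(self, addr: int) -> bool:
        return any(s <= addr < e for s, e in self.risky_snippets)

    def on_data_read(self, addr: int) -> bool:
        """A data read that hits a code region is treated as a code probe.

        Only the probed snippet (SNIPPET_SIZE-aligned, clipped to the region) is
        extracted and flagged, so the protected set stays small.
        """
        region = self._region_of(addr)
        if region is None:
            return False  # ordinary data read, not a probe
        start = max(region.start, addr & ~(SNIPPET_SIZE - 1))
        end = min(region.start + region.size, start + SNIPPET_SIZE)
        self.risky_snippets.add((start, end))
        self.log.append(("probe", addr, (start, end)))
        return True

    def on_indirect_transfer(self, target: int) -> bool:
        """Indirect jump/call. Only transfers into extracted snippets are checked."""
        if not self._in_risky_snippet(target):
            return True  # untracked code: no check, hence no per-transfer overhead
        region = self._region_of(target)
        allowed = target in region.entry_points
        self.log.append(("allow" if allowed else "block", target))
        return allowed


def simulate() -> dict:
    """Constructed scenario: 0x1234 is a mid-function gadget, 0x1240 a real entry."""
    text = CodeRegion(0x1000, 0x1000, frozenset({0x1000, 0x1240, 0x1400}))
    lib = CodeRegion(0x3000, 0x1000, frozenset({0x3000}))
    m = Monitor([text, lib])
    out = {}
    out["gadget_before_probe"] = m.on_indirect_transfer(0x1234)   # nothing probed yet: untracked
    out["probe_detected"] = m.on_data_read(0x1234)                # read of code = probe
    out["gadget_after_probe"] = m.on_indirect_transfer(0x1234)    # tracked, not an entry: blocked
    out["entry_after_probe"] = m.on_indirect_transfer(0x1240)     # tracked, legitimate entry
    out["same_region_unprobed"] = m.on_indirect_transfer(0x1400)  # outside the extracted snippet
    out["other_region"] = m.on_indirect_transfer(0x3456)          # never probed: untracked
    out["snippets"] = sorted(m.risky_snippets)
    return out


if __name__ == "__main__":
    for k, v in simulate().items():
        print(k, v)
```

The scenario makes the trade-off in the abstract visible: the gadget at 0x1234 is reachable before the probe and blocked after it, while transfers into code that was never probed (0x1400, 0x3456) are not checked at all. That is where the low overhead comes from, and also why the approach depends on the probe itself being observed: an attacker who already knows the gadget address without reading code memory would never trigger tracking in this model.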