Annual Computer Security Applications Conference (ACSAC) 2022


MProbe: Make the code probing meaningless

Modern security methods use address space layout randomization (ASLR) to defend against code reuse attacks (CRAs). However, attackers can still obtain the content and address of the code through code probing. Code probing invalidates the widely used ASLR methods, causing researchers to lose confidence in them. On the contrary, we believe ASLR is still effective if it has anti-probing capability. To enhance the anti-probing capability of ASLR and defend against CRAs, this paper proposes an anti-probing method, MProbe. First, it detects the code probing activities of attackers, including address probing and content probing. Next, the execution permission of the probed code is disabled in the original address space. At the same time, an equivalent code block in a random address space replaces the probed code. Finally, new security strategies are used to prevent the probed code blocks from being used as gadgets. Experiments and analysis show that MProbe has a good defense effect against CRAs based on code probing, and introduces less than 3% performance overhead to the operating system (OS).

YongGang Li
China University of Mining and Technology

Yeh-Ching Chung
The Chinese University of Hong Kong (CUHK), Shenzhen

Jinbiao Xing
China University of Mining and Technology

Yu Bao
China University of Mining and Technology

GuoYuan Lin
China University of Mining and Technology

Paper (ACM DL)

Slides

 


