Proceedings of ISP RAS


Compiler protection techniques against software vulnerabilities exploitation.

A. Nurmukhametov, Sh. Kurmangaleev, V. Kaushan, S. Gaissaryan.

Abstract

Software vulnerabilities are critical for security. All C/C++ programs contain a significant number of vulnerabilities. Some of them can be successfully exploited by an attacker to gain control of the execution flow. In this article we propose several compiler protection techniques against vulnerability exploitation: function reordering, insertion of additional dummy variables into the stack, and permutation of local variables on the stack. These transformations were implemented in GCC. The implementation successfully diversifies a whole operating system, including the Linux kernel. We suggest generating a diversified population of binary application files with these transformations. Diversified applications can be easily distributed via application stores, so that every client downloads a unique copy of the application. The proposed method complicates ROP-attacks and increases their cost. After downloading a binary copy, an attacker can create a ROP-exploit for that copy, but the exploit would not work against another copy of the application. The diversifying transformations decrease application performance by about 15% and increase code size by about 5%.

Keywords

vulnerability; compiler transformations; ROP-attacks; exploit

Edition

Proceedings of the Institute for System Programming, vol. 26, issue 3, 2014, pp. 113-126.

ISSN 2220-6426 (Online), ISSN 2079-8156 (Print).

DOI: 10.15514/ISPRAS-2014-26(3)-6

Full text of the paper in pdf (in Russian)