
Application of compiler transformations against software vulnerabilities exploitation

Programming and Computer Software

Abstract

Software vulnerabilities are a serious threat to the security of information systems. Any software written in C/C++ contains a considerable number of vulnerabilities. Some of them can be used by attackers to seize control of the system. In this paper, to counteract such vulnerabilities, we propose using compiler transformations: function reordering by permutation within a module, insertion of additional local variables into the function's stack, and local variable hashing on the stack. By means of these transformations, we propose generating a diversified population of executable files of the application being compiled. This approach, for example, complicates the planning of ROP attacks on the entire population. Having obtained a single executable file, the attacker can create an ROP exploit that works only for this version of the application. The other executable files of the population will remain insensitive to this attack.
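The effect of function reordering on a diversified population can be measured with a small layout model. The following is an added example, not code from the paper: the module, function sizes, gadget offsets and base address are constructed, and the population is enumerated exhaustively as every permutation of the functions.

```python
from itertools import permutations

TEXT_BASE = 0x401000  # constructed load address
# Constructed module: (function, size in bytes, offsets of return-terminated
# instruction sequences inside it). Sizes are chosen so that no two different
# sets of functions have the same total size.
MODULE = [
    ("parse_header", 0x050, [0x1e, 0x4f]),
    ("read_body",    0x090, [0x3c, 0x8f]),
    ("checksum",     0x130, [0x12f]),
    ("log_event",    0x260, [0x51, 0x25f]),
    ("cleanup",      0x4d0, [0x4cf]),
]

def layout(order):
    """Map each gadget id (function, offset) to its address for one ordering."""
    addr, gadgets = TEXT_BASE, {}
    for name, size, offsets in order:
        for off in offsets:
            gadgets[(name, off)] = addr + off
        addr += size
    return gadgets

def population():
    """Every variant obtainable by permuting the module's functions."""
    return [layout(order) for order in permutations(MODULE)]

def variants_exposed(chain, reference=None):
    """Count variants in which every address of a chain resolved against the
    reference binary still points at the same gadget."""
    reference = reference or layout(MODULE)
    wanted = {g: reference[g] for g in chain}
    return sum(all(v[g] == a for g, a in wanted.items()) for v in population())

if __name__ == "__main__":
    total = len(population())
    for chain in (
        [("parse_header", 0x4f)],
        [("checksum", 0x12f)],
        [("parse_header", 0x4f), ("checksum", 0x12f), ("cleanup", 0x4cf)],
    ):
        names = "+".join(name for name, _ in chain)
        print(f"{names}: {variants_exposed(chain)} of {total} variants share the layout")
```

In this model a chain that draws on several functions matches only the variant it was built against, while a single address in the first function still matches every variant that keeps that function first, which is why the paper pairs reordering with the stack transformations.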



Author information


Correspondence to A. R. Nurmukhametov.

Additional information

Original Russian Text © A.R. Nurmukhametov, Sh.F. Kurmangaleev, V.V. Kaushan, S.S. Gaissaryan, 2014, published in Proceedings of the Institute for System Programming of RAS, 2014, Vol. 26, I. 3, pp. 113–126.


Cite this article

Nurmukhametov, A.R., Kurmangaleev, S.F., Kaushan, V.V. et al. Application of compiler transformations against software vulnerabilities exploitation. Program Comput Soft 41, 231–236 (2015). https://doi.org/10.1134/S0361768815040052


  • DOI: https://doi.org/10.1134/S0361768815040052
