Application of compiler transformations against software vulnerabilities exploitation

Cite as: bibtex
Nurmukhametov, A.R., Kurmangaleev, S.F., Kaushan, V.V., Gaisaryan, S.S.. Application of compiler transformations against software vulnerabilities exploitation. Programming and Computer Software, vol. 41, issue 4, 2015, pp. 231-236. DOI: 10.1134/S0361768815040052

Software vulnerabilities are a serious threat for security of information systems. Any software written in C/C++ contain considerable amount of vulnerabilities. Some of them can be used by attackers to seize control of the system. In this paper, for counteracting such vulnerabilities, we propose to use compiler transformations: function reordering by permutation within a module, insertion of additional local variables into the function’s stack, local variables hashing on the stack. By means of these transformations, it is suggested to generate a diversified population of executable files of the application being compiled. Such an approach, for example, complicates planning of the ROP attacks on the entire population. Having obtained a single executable file, the attacker can create an ROP exploit, which works only for this version of the application. The other executable files of the population will remain insensitive to this attack.