Application of compiler transformations against software vulnerabilities exploitation
Software vulnerabilities are a serious threat to the security of information systems. Any software written in C/C++ contains a considerable number of vulnerabilities. Some of them can be used by attackers to seize control of the system. In this paper, to counteract such vulnerabilities, we propose to use compiler transformations: function reordering by permutation within a module, insertion of additional local variables into the function's stack, and local variables hashing on the stack. By means of these transformations, we suggest generating a diversified population of executable files of the application being compiled. Such an approach, for example, complicates the planning of ROP attacks against the entire population. Having obtained a single executable file, the attacker can create an ROP exploit that works only for this version of the application. The other executable files of the population will remain insensitive to this attack.
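The following model is an added illustration, not code from the paper: it covers only the function-reordering transformation and shows why a chain of hard-coded gadget addresses built against one link order stops resolving in other builds of the population. The function names, sizes, gadget offsets and load address are constructed for the example, and the model assumes a fixed load address with no padding between functions.

```python
import random

# Constructed module: (function name, size in bytes) in the reference link order.
FUNCTIONS = [("parse", 0x40), ("auth", 0x90), ("render", 0x130),
             ("log", 0x250), ("crypto", 0x4A0), ("net", 0x940)]
# Constructed gadgets: name -> (containing function, offset inside that function).
GADGETS = {"pop_rdi": ("parse", 0x3E), "pop_rsi": ("render", 0x12C),
           "syscall": ("crypto", 0x21)}
TEXT_BASE = 0x401000  # assumed fixed load address of the code section


def layout(order):
    """Map each function to its start address for a given link order."""
    sizes, addr, bases = dict(FUNCTIONS), TEXT_BASE, {}
    for name in order:
        bases[name] = addr
        addr += sizes[name]
    return bases


def gadget_addresses(order):
    """Absolute address of every gadget once functions are laid out in `order`."""
    bases = layout(order)
    return {g: bases[fn] + off for g, (fn, off) in GADGETS.items()}


def diversified_order(seed):
    """One member of the population: a seeded permutation of the functions."""
    order = [name for name, _ in FUNCTIONS]
    random.Random(seed).shuffle(order)
    return order


def chain_still_valid(chain, built_for, target):
    """True if each address taken from `built_for` holds the same gadget in `target`."""
    ref, tgt = gadget_addresses(built_for), gadget_addresses(target)
    return all(ref[g] == tgt[g] for g in chain)


def surviving_builds(chain, built_for, population):
    """Builds in the population on which the chain's addresses still line up."""
    return [o for o in population if chain_still_valid(chain, built_for, o)]


if __name__ == "__main__":
    reference = diversified_order(0)
    population = [diversified_order(s) for s in range(1000)]
    hits = surviving_builds(list(GADGETS), reference, population)
    print(f"chain for {reference} resolves on {len(hits)} of {len(population)} builds")
```

With these constructed sizes, every distinct set of preceding functions yields a distinct start address, so a chain touching three functions resolves only on builds whose order matches the reference up to the last function it uses.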