Binary Software Randomization Method Based on LLVM

摘要

In order to build software security defense system that is easy to keep and hard to compromise, based on the idea of moving target defense, a binary software randomization method was designed and implemented to resist the attacks of software vulnerabilities. Firstly, the binary software was represented by function equivalence LLVM IR, then the converted LLVM IR was processed by procedures such as instruction replacement, redundant inserting, and CFG reconstruction, finally, the processed LLVM IR was compiled to binary software, so the generated binary software has characteristics of randomization to effectively resist the attacks based on software vulnerabilities. By carrying out random transformation on the binary software, the transformed software shows uncertainty from static analysis and dynamic aspects, which makes it difficult to analyze and attack, effectively resist the traditional attack methods based on software vulnerabilities.