
DETECTING RETURN-ORIENTED PROGRAMMING ATTACKS BASED ON USER INPUT ANALYSIS
Abstract: Return-oriented programming attacks organically combine existing binary code fragments in a program to effectively build malicious attack code, and existing attack detection techniques do not detect this class of attack well. This paper introduces return-oriented programming attacks, and analyses and points out the key fact that successful construction of the return stack is what makes such an attack succeed. Based on this fact, we design and implement Bret, a detection system for return-oriented programming attacks. Bret's detection principle is orthogonal to the code fragments the attacker uses, so it defends well against return-oriented programming attacks based on "update-load-branch" instruction sequences. In evaluations of its attack detection capability and performance, Bret detected attacks efficiently with almost no false positives or false negatives, and programs protected by Bret incurred very small performance overhead.
Source: Computer Applications and Software (《计算机应用与软件》), CSCD, Peking University Core Journal, 2012, No. 2, pp. 13-16 (4 pages)
Funding: National Natural Science Foundation of China (90818015)
Keywords: Return-oriented programming attack; Return stack; Input analysis; Update-load-branch

