
Dynamic Runtime Detection System for ROP Attacks (cited by: 3)

Dynamic Runtime Detection System for Return-oriented Programming Attack
Abstract (translated from the Chinese): Based on the attack principles of return-oriented programming (ROP) and its variants, a dynamic runtime detection system for ROP attacks is designed. The system consists of two stages: static instrumentation and dynamic runtime monitoring. Static instrumentation equips the program under test with analysis code; at runtime, ret integrity checking, call integrity checking and jmp integrity checking are used to analyse the program's control flow and data flow and decide whether an ROP attack is taking place. Experimental results show that the method detects all ROP malicious code.

Abstract (English): Return-oriented programming (ROP) is a new attack based on the code-reuse technique. This paper proposes a dynamic runtime detection system for return-oriented programming attacks and studies the intrinsic nature of ROP and its variants. According to this nature, it designs ret integrity checking, call integrity checking and jmp integrity checking. The detection system is implemented as static instrumentation and dynamic runtime checking. Static instrumentation assembles the analysis code into the program to be detected, and dynamic runtime checking performs the real detection with the three integrity checks. Preliminary experimental results show that the method can efficiently detect ROP malicious code with no false positives or negatives.
Source: Computer Engineering (计算机工程), CAS, CSCD, 2012, No. 4, pp. 122-125 (4 pages)
Funding: National Natural Science Foundation of China (61073027, 90818022, 60721002); National "973" Program (2009CB320705)
Keywords: return-oriented programming (ROP); malicious code; ROP detection; JOP detection
