
ROP Attack Detecting Method Based on DBI (cited by: 3)
Abstract: With the introduction of Return-Oriented Programming (ROP), program security faces new challenges. ROP attacks operate at fine granularity, have covert characteristics, are intricately constructed, and exhibit few static features, so traditional security defenses are largely ineffective against them. Against this background, using dynamic, run-time features to identify and defend against ROP attacks becomes very important. Dynamic Binary Instrumentation (DBI) provides strong support for analyzing the dynamic characteristics of ROP attacks. This paper presents a method that uses DBI analysis to identify ROP attack sequences: it detects ROP attacks by identifying malicious program execution flow and by constraining the calling conventions of library functions. In addition, an extensible program defense framework is designed for extending the detection program, which demonstrates the generality and extensibility of the detection tool.
Authors: 黄志军 (Huang Zhijun), 郑滔 (Zheng Tao)
Source: Computer Science (《计算机科学》), CSCD, PKU Core Journal, 2012, No. 9, pp. 120-125 (6 pages)
Funding: Supported by the National Natural Science Foundation of China, NSFC (61073027, 61105069)
Keywords: ROP; return-oriented programming; dynamic binary instrumentation; program security; characteristic detection; Turing completeness; program control flow