摘要
随着智能手机领域的发展,几乎所有智能手机及平板电脑都采用了ARM架构,在此平台上的安全问题也越来越受到研究者的关注。X86平台上流行的返回导向编程被引入到了ARM平台上。通过研究总结X86平台上返回导向编程的攻击和防御机制,给出了该攻击移植到ARM平台上的技术细节,包括具体实现方式和gadget搜索算法的差异性,通过自动构建gadgets链加速Exploit开发,最后提出了一种系统库沙盒技术来防御此攻击。
With the development of mobile-phone field, ARM architecture is usually used in the mobile-phone and tablet computer, and the security issues on ARM platform always attract much attention from the researchers. ROP, a popular attack method on X86 is planted into ARM. This paper analyzes the different ROP defense methods on X86, presents the technical details of ROP attack, including specific implementation and gadgets search algorithm on ARM. Finally, a library sandbox technology is suggested to defense this kind of attack and secure the system.
出处
《信息安全与通信保密》
2012年第10期75-77,共3页
Information Security and Communications Privacy
基金
国家自然科学基金资助项目(批准号:61171173)