Function pointer attack detection with address integrity checking

Cited by: 3
Abstract: Traditional detection techniques for function pointer attacks cannot detect Return-Oriented Programming (ROP) attacks. A new approach that checks the integrity of jump addresses is proposed to detect a variety of function pointer attacks at the binary code level. First, function address information is obtained through static analysis; then the target addresses of jump instructions are checked dynamically to determine whether they fall within a legitimate function address range. Non-entry function calls (jumps to a point other than a function's entry) are analyzed, and on that basis a method combining static and dynamic analysis is proposed to detect ROP attacks. A prototype system named fpcheck was developed using a binary instrumentation tool and evaluated with real-world attacks and normal programs. The experimental results show that fpcheck can detect various function pointer attacks including ROP; with accurate detection policies the false positive rate drops substantially, and the performance overhead increases by only 10% to 20% compared with vanilla instrumentation.

Source: Journal of Computer Applications (《计算机应用》), CSCD, Peking University Core Journal, 2015, Issue 2, pp. 424-429 (6 pages)

Funding: 2013 Sichuan Province Academic and Technical Leader Training Fund project (13XSJS002)

Keywords: buffer overflow; Return-Oriented Programming (ROP); non-entry function call; dynamic analysis; binary instrumentation