
A Survey of Memory Corruption Attack and Defense (内存数据污染攻击和防御综述)

Cited by: 4
Abstract: Memory corruption is an important research topic in computer security, and the corruption of in-memory data is usually the essence of how program vulnerabilities are exploited. From a functional point of view, memory data is divided into control-related and non-control-related data, which gives rise to control flow hijacking attacks and non-control data attacks. The two are comparably harmful. The former became mainstream because of its lower exploitation cost, but as defenses against control flow hijacking have steadily improved, non-control data attacks have gradually gained attention. Researchers have successively presented, at top conferences, Data-oriented Exploits (DOE), a framework for the automated exploitation of data-oriented attacks, and Data-oriented Programming (DOP), a proof of Turing completeness, which has made non-control data attacks a hot topic. Based on these two forms of attack, this paper first simplifies the general model of memory security and analyzes the principles of classic memory corruption attacks and defenses. It then discusses the state of research on new control flow hijacking and non-control data attacks and defenses. Finally, it explores future research directions in memory security and gives possible schemes for collaborative attack and defense that combine the two.
Authors: MA Mengyu (马梦雨), CHEN Liwei (陈李维), MENG Dan (孟丹) (Institute of Information Engineering, Chinese Academy of Science, Beijing 100093, China; School of Cyber Security, University of Chinese Academy of Science, Beijing 100049, China)
Source: Journal of Cyber Security (《信息安全学报》), CSCD, 2017, No. 4, pp. 82-98, 17 pages in total
Funding: Supported by the National Natural Science Foundation of China (61602469)
Keywords: memory corruption; generic memory security model; control flow hijack; non-control data attack; collaborative attack and defense
