检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
机构地区:[1]电子科技大学计算机科学与工程学院,成都611731
出 处:《小型微型计算机系统》2013年第7期1625-1630,共6页Journal of Chinese Computer Systems
基 金:保密通信国防科技重点实验室基金项目(9140C1104020903)资助
摘 要:Returned-Oriented-Programming(ROP)攻击能突破传统防御机制如DEP和W⊕X.目前ROP攻击检测误报率较高,无法准确区分ROP攻击与正常指令执行.ROP攻击需执行系统调用完成攻击,执行系统调用前寄存器须设置为正确的值,并且每条x86指令对应一个或多个gadget.基于上述特点,提出一种有效的二进制代码级ROP攻击检测方法:截获返回指令并作为起始点计算gadget数目,并在系统调用执行前判断寄存器是否被修改为与其参数类型相同的值.该方法不依赖启发式学习,能准确检测栈溢出的ROP攻击.通过动态插桩工具实现原型系统,对ROP攻击和正常程序进行了测试,实验结果表明系统漏报率和误报率较低,且性能损失较小.Return-Oriented-Programming(ROP) attacks can bypass traditional defenses such as DEP and W ⊕ X.Current detection techniques have high false positives w hich are unable to accurately distinguish attacks from normal instruction execution.ROP attacks need to invoke system calls to achieve attacking goal,before w hich registers must be set to correct values;also each x86 instruction corresponds to one or more gadgets.Bases on such characteristics,a new ROP attack defense technique on binary level w as proposed: it intercepts return instructions,from w hich counts the number of gadgets,then check w hether registers have been changed to correct values just before invoking system call.It does not rely on heuristics and provides accurate detection of ROP attacks by stack smashing.Prototype system is implemented w ith dynamic binary instrumentation tool,and w e evaluated the system w ith normal programs and ROP attacks.Experiment results show it causes low false positives and negatives w hile makes little overhead.
分 类 号:TP393[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.249