Prevention of Code Reuse Attacks through Return Address Protection  (Cited by: 2)


Authors: 陈林博[1] 江建慧[1] 张丹青[1]

Affiliation: [1] School of Software Engineering, Tongji University, Shanghai 201804

Source: Computer Science (《计算机科学》), 2013, No. 9, pp. 93-98, 102 (7 pages)

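Abstract: Despite the many existing defensive methods and techniques, attacks on software systems and networks remain a threat that is hard to guard against. With the introduction of read-only/write protection and address space layout randomization, modern operating systems can deal effectively with malicious code injection attacks. However, attackers can take code that already exists in the program and assemble it into consecutive code blocks with Turing-complete computational capability in order to bypass the existing defense mechanisms. To address the limitations of current defenses against code reuse attacks, a defense method based on a real-time return address protection mechanism is proposed to effectively defend against code reuse attacks, especially ROP attacks. At program run time, the return address values on the stack are protected by encryption and checked in real time, which prevents the consecutive execution of all short code sequences ending in the byte 0xC3 (that is, the ret instruction). The method requires neither source code nor debugging information, can fully defend against ROP attacks, and has a clear advantage in performance overhead.

Despite the numerous prevention and protection techniques that have been developed, the exploitation of memory corruption vulnerabilities still represents a serious threat to the security of software systems and networks. Because of the adoption of the write or execute only policy (W⊕X) and address space layout randomization (ASLR), modern operating systems have been strengthened against code injection attacks. However, attackers have responded by employing code reuse attacks, in which a software vulnerability is exploited to weave control flow through the existing code base. Solutions targeting different aspects of the attack itself have had some success, but none of them can be a silver bullet. Under this situation, a novel defense technique was presented in order to prevent code reuse attacks, especially return-oriented programming (ROP) attacks. This new defense technique, which benefits from the protection of the return address, could dynamically prevent the execution of gadgets ending with 0xc3. Without requiring access to side information such as source code or debugging information, this defense technique could prevent ROP attacks with low performance overhead.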

Keywords: code reuse attack; ROP attack; return address protection; dynamic binary translation

Classification: TP303.08 [Automation and Computer Technology - Computer System Architecture]

 
