Construction Method of ROP Frame Based on Multipath Dispatcher

Cited by: 1


Authors: Peng Jianshan [1,2], Zhou Chuantao, Wang Qingxian, Ding Dazhao [1,2]

Affiliations: [1] PLA Information Engineering University, Zhengzhou 450002; [2] State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450002

Source: Computer Science (计算机科学), 2018, No. 1, pp. 240-244 and 260 (6 pages)

Funding: Natural Science Foundation of Henan Province (162300410187)

Abstract (translated from the Chinese): ROP is a popular software exploitation technique, and the contest between ROP and ROP detection keeps escalating. The mainstream ROP detection tools kBouncer and ROPecker use the LBR register to trace the execution of indirect branch instructions and, combined with ROP feature detection, detect traditional ROP as well as improved variants such as JOP quite effectively. Nicholas proposed a bypass method, but it suffers from a small number of usable gadgets and high implementation difficulty. This paper proposes a method for constructing an ROP frame based on a multipath dispatcher: three types of gadget modules are used to build a frame in which gadgets execute in a loop, and within this frame a rich set of ordinary gadgets can be used, forming a complete and efficient ROP chain. Experiments show that the method is easy to implement, can carry out complex ROP functionality, and leaves a footprint small enough to evade detection by mainstream ROP detection tools.

Abstract (original English): ROP is a popular attack technique used to exploit software vulnerabilities, and it keeps evolving against ROP defense techniques. kBouncer and ROPecker are both state-of-the-art ROP defense tools; they are effective in detecting traditional ROP and JOP, and they trace the execution of indirect jump instructions using the LBR register combined with ROP feature detection. The bypass method proposed by Nicholas has the disadvantage that it is hard to find usable ROP gadgets. This paper proposes a novel method of organizing ROP gadgets. The ROP frame is constructed to execute traditional gadgets in loops driven by a multipath dispatcher. Using this ROP frame, attackers can use plenty of traditional gadgets to execute a complete and efficient ROP chain. The test results show that this method is easy to implement and is able to perform complex functions. More importantly, the proposed ROP frame can bypass ROPecker and kBouncer because its detectable features are small enough.

Keywords: ROP; gadget; LBR register; defense bypass

Classification code: TP311 (Automation and Computer Technology: Computer Software and Theory)
