Research on Pointer Attack Mechanism and Detection of Binary Code Level Function


Authors: LI Kun-lun[1]; GONG Chun-jing; LI Shang-ran; WANG Lin[1]; ZHANG De-zhi (College of Electronic and Information Engineering, Hebei University, Baoding 071000, China)

Affiliation: [1] College of Electronic and Information Engineering, Hebei University, Baoding 071000, Hebei, China

Source: Journal of Chinese Computer Systems (《小型微型计算机系统》), 2018, No. 12, pp. 2657-2661 (5 pages)

Funding: Supported by the National Natural Science Foundation of China (61672205)

Abstract: Although many defense and protection mechanisms have been introduced into modern operating systems, memory leak vulnerabilities still pose a huge threat to software systems and network security. Return-oriented programming (ROP) attacks usually exploit a buffer overflow vulnerability to overwrite a function's return address, yet function pointers are ubiquitous in C/C++; for example, structs and virtual functions contain large numbers of function pointers. This paper shows experimentally that ROP attacks launched by overwriting function pointers exist, and proposes the fpDetect detection method to detect such attacks. Combining binary code instrumentation with dynamic detection greatly improves detection accuracy. Experiments show that the fpDetect detection method can be applied on Linux and Windows operating systems.

Keywords: ROP; buffer overflow; function pointer; binary code instrumentation; dynamic detection

Classification number: TP393 [Automation and Computer Technology: Computer Application Technology]

 
