检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:乔延松 杜皓睿 赵绪营 QIAO Yansong;DU Haorui;ZHAO Xuying(Beijing Electronic Science and Technology Institute,Beijing 100070,P.R.China)
出 处:《北京电子科技学院学报》2021年第4期51-56,共6页Journal of Beijing Electronic Science And Technology Institute
摘 要:本文介绍了一种经典的利用缓冲区溢出漏洞的攻击方法—ROP(Return-Oriented Programming)。详细描述了ROP攻击方法的思想和原理,并和以前的漏洞攻击方法进行比较,给出了他们之间的区别和联系。罗列了目前发现的一些可以结合ROP进行攻击的漏洞,并作了简单描述。相对应的,根据ROP攻击的特征,有针对性地给出静态的和动态的检测方法。最后通过实验方式展现了ROP攻击过程。In this paper, the ROP(Return-Oriented Programming) is introduced, which is a classical method exploiting the buffer overflow vulnerabilities. The idea and principle of the ROP attack method are described in detail. After comparisons, the distinctions and connections between the ROP method and previous vulnerability attack methods are given. Some heretofore discovered vulnerabilities with the possibility of being attacked with the ROP are listed and briefly descripted. Correspondingly, targeted static and dynamic detection methods are given according to the characteristics of the ROP attack. Finally, an ROP attack process is implemented experimentally.
分 类 号:TP309[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.49