Dynamic Runtime Detection System for Return-oriented Programming Attack
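【Abstract (Chinese version)】 Based on the attack principles of return-oriented programming (ROP) attacks and their variants, a dynamic runtime detection system for ROP attacks is designed. The system consists of two phases: static instrumentation and dynamic runtime monitoring. Static instrumentation fits the program under test with analysis code; the dynamic run uses ret integrity checking, call integrity checking and jmp integrity checking to analyze the program's control flow and data flow and to decide whether an ROP attack is taking place. Experimental results show that the method can completely detect ROP malicious code.
【Abstract】 Return-oriented Programming (ROP) is a new attack based on the code-reuse technique. This paper proposes a dynamic runtime detection system for return-oriented programming attacks and studies the intrinsic nature of ROP and its variants. Based on this nature, it designs ret integrity checking, call integrity checking and jmp integrity checking. The detection system is implemented as static instrumentation and dynamic run-time checking. Static instrumentation assembles the analysis code into the program to be detected, and dynamic run-time checking performs the actual detection with the three integrity checks. Preliminary experimental results show that the method can efficiently detect ROP malicious code and has no false positives or false negatives.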
【Key words】 Return-oriented Programming(ROP); malicious code; ROP detection; JOP detection;
- 【Source】 计算机工程 (Computer Engineering), 2012, Issue 04
- 【Classification No.】 TP309
- 【Times cited】 12
- 【Downloads】 272