  • LIU Tong, SHI Gang, MENG Dan. A Survey of Code Reuse Attack and Defense Mechanisms[J]. Journal of Cyber Security, 2016, 1(2): 15-27
A Survey of Code Reuse Attack and Defense Mechanisms
LIU Tong (1, 2), SHI Gang (1), MENG Dan (1)
(1. Institute of Information Engineering, Chinese Academy of Science, Beijing 100093, China; 2. University of Chinese Academy of Science, Beijing 100049, China)
Because vulnerabilities are widespread in programs written in languages such as C and C++, computer systems are vulnerable to adversaries who tamper with their original running state. Researchers have made great efforts and adopted effective protection mechanisms, for instance Data Execution Prevention and Address Space Layout Randomization. These security mechanisms are highly effective against primitive attack patterns such as code-injection attacks. However, the outlook for computer system security is still not optimistic. Although adversaries can no longer inject their own code into memory and run it, they have begun to use the original benign code already in memory, manipulating it to achieve malicious purposes by changing its order of execution; this is called a code-reuse attack. It is able to bypass a variety of security mechanisms of commodity computer systems, and has thus become a major threat and the main pattern of hacking. For this reason, research on code-reuse attacks has been taken up in recent years. This paper describes the origin of the code-reuse attack and the ways it is carried out, summarizes the existing defense mechanisms, and briefly and systematically evaluates them. It also briefly analyzes the root cause of code-reuse attacks and puts forward a new idea for defense mechanism design.
Key words: computer system security; memory security; code-reuse attack