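| Graduate student: | 侯均靜 Hou, Chun-Ching |
|---|---|
| Thesis title: | ROPRD: A Solution to Detect Real-time Zero-day ROP Attacks |
| Advisor: | 許富皓 Fu-Hau Hsu |
| Oral defense committee: | |
| Degree: | Master |
| Department: | College of Electrical Engineering and Computer Science - Department of Computer Science & Information Engineering |
| Year of publication: | 2019 |
| Academic year of graduation: | 107 |
| Language: | Chinese |
| Number of pages: | 39 |
| Chinese keywords: | Buffer overflow (緩衝區溢位), return-oriented programming (返回導向程式設計) |
| Foreign-language keywords: | Buffer Overflow, ROP |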
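Return-Oriented Programming (ROP) is a very common buffer overflow attack. The attacker gathers machine-language instructions from the program (gadgets) and uses these instruction sequences to overwrite the return address on the stack, thereby taking control of the program's execution flow.
This thesis designs a solution named ROPRD that, by modifying the Linux kernel and applying binary rewriting, achieves real-time detection of ROP attacks while affecting the system architecture and performance as little as possible.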
Return-Oriented Programming (ROP) is a common buffer overflow attack. The attacker collects pieces of machine code in the program, called gadgets, combines those gadgets, and changes the return address on the stack. This puts the program's execution flow under the attacker's control.
We design a solution called ROPRD. By modifying the Linux kernel and using a binary rewriting tool, it detects ROP attacks in real time without affecting the system architecture or performance.