Code reuse attack detection system based on dynamic binary translation framework

A code reuse attack detection technology based on dynamic binary translation, applied in the field of code reuse attack detection systems. It addresses the problem of high performance overhead, ensuring operating efficiency and optimizing execution performance.

Inactive Publication Date: 2012-09-12
HUNAN UNIV

AI Technical Summary

Problems solved by technology

[0006] Existing defense mechanisms or detection systems have various defici


Embodiment Construction

[0020] Specific embodiments of the present invention are described in further detail below with reference to the accompanying drawings and examples.

[0021] As shown in Figure 1, from an architectural perspective, the computer system used in the present invention consists mainly of the application program, the detection system, and the kernel space. After the application program is translated and checked by the detection system, the program is executed in the kernel space. The detection system includes four modules: translator, detector, cache, and platform. The workflow of the detection system of the present invention is as follows:

[0022] (1) The application program is loaded into the detection system of the present invention. The detection system takes complete control of the application program and performs system initialization, such as allocating the cache memory space and creating and initializing the platforms.

[0...


Abstract

The invention belongs to the field of computer security and discloses a code reuse attack detection system based on a dynamic binary translation framework. The detection system comprises a translator, a detector, a cache, and transition platforms. The translator decodes the binary data of a program instruction by instruction, using the basic block as the unit of translation. The detector processes the decoded instructions: it guarantees normal operation on the basis of conventional detection and, with attack detection as its focus, captures and checks the behavior of the instructions. The cache establishes the mapping between the source addresses and the translated addresses of the basic blocks, and caches the target code generated by translating each basic block. The transition platforms manage the program's control flow, guarantee that translation and execution proceed in order, and provide a detection and optimization mechanism for instructions of the same type. The system can process non-open-source programs and guarantee their safe execution.
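An added sketch, not code from the patent, of how the four components named in the abstract fit together: a translator that decodes basic blocks, a cache keyed by source address, a dispatch loop standing in for the transition platform, and a detector invoked on control transfers. The toy instruction set, the `poke` opcode that models a corrupted saved return address, and the shadow-stack return check are all assumptions; the page does not state which checks the detector performs.

```python
# Added illustration. Toy ISA (constructed): {source address: (opcode, operand)}.
PROGRAM = {0: ("call", 10), 1: ("call", 10), 2: ("halt", None),
           10: ("nop", None), 11: ("ret", None),
           20: ("nop", None), 21: ("ret", None)}   # block never called legitimately
# Same program, but the callee overwrites its saved return address (modelled by "poke").
CORRUPT = {**PROGRAM, 10: ("poke", 20)}
ENDS_BLOCK = {"call", "ret", "jmp", "halt"}

def translate(program, addr):
    """Translator: decode one basic block, instruction by instruction."""
    block = []
    while True:
        op, arg = program[addr]
        block.append((addr, op, arg))
        if op in ENDS_BLOCK:          # a control transfer closes the block
            return block
        addr += 1

def run(program, entry=0, max_blocks=100):
    cache = {}                # cache: source address -> translated block
    stack, shadow = [], []    # program stack vs. the detector's private copy
    stats = {"translated": 0, "executed": 0}
    pc = entry
    for _ in range(max_blocks):
        # Transition platform: every block exit comes back here for dispatch.
        if pc not in cache:
            cache[pc] = translate(program, pc)
            stats["translated"] += 1
        stats["executed"] += 1
        for addr, op, arg in cache[pc]:
            if op == "poke":
                stack[-1] = arg
            elif op == "call":
                stack.append(addr + 1)
                shadow.append(addr + 1)
                pc = arg
            elif op == "jmp":
                pc = arg
            elif op == "ret":
                target = stack.pop()
                # Detector (assumed policy): return only to the recorded call site.
                if not shadow or shadow.pop() != target:
                    return "alert", addr, target, stats
                pc = target
            elif op == "halt":
                return "ok", addr, None, stats
    return "timeout", pc, None, stats
```

On the clean program the block at address 10 is translated once and executed twice, which is the reuse the cache exists to provide; on the corrupted variant the run stops at the `ret` before control reaches address 20.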

Description

Technical Field

[0001] The invention belongs to the field of computer security, and in particular relates to a code reuse attack detection system based on a dynamic binary translation framework.

Background Art

[0002] The continuous growth in software scale has led to an increasing number of vulnerabilities, and the popularity of the Internet has made attacks based on software vulnerabilities wide-ranging, varied in method, and fast-spreading, posing a serious threat to user security. In the early days, the main attack method against buffer overflow vulnerabilities was code injection: the attacker injects executable binary code into the process address space, locally or remotely, changes the control flow of the program, and makes the process execute this code. At present, there are a large number of defense mechanisms against code injection attacks.

[0003] Code reuse attack (Code Reuse Attack) is a relatively common attack method at present. It is the evolution of code injection ...


Application Information

IPC(8): G06F11/36, G06F21/00, G06F21/56
Inventor: 刘超, 孙建华, 陈浩
Owner: HUNAN UNIV