Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

ROP (Return-Oriented Program) protection method based on attack tree

An attack tree and protection program technology, applied in the field of ROP protection based on attack tree, can solve the problems of inappropriate use and high overhead, and achieve the effects of low overhead, improved protection effect, and improved protection efficiency.

Inactive Publication Date: 2016-08-03
NORTHWEST UNIV
View PDF3 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

But CFI has two problems: first: the overhead is large, not suitable for practical use
Second: The current CFI adopts a context-insensitive approach, which can still be bypassed by attackers

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • ROP (Return-Oriented Program) protection method based on attack tree
  • ROP (Return-Oriented Program) protection method based on attack tree
  • ROP (Return-Oriented Program) protection method based on attack tree

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0030] The ROP protection method based on attack tree of the present invention, see figure 1 , including the following steps:

[0031] Step 1, select the program and system library files to be protected

[0032] It is specifically mentioned here that the system library file is also used as an input. The reason is that the system library file comes with the operating system, and there are also gadgets instruction fragments in it. Some remote attacks target system library files if the attacker finds gadgets instruction fragments in the system library files and hijacks the control flow, so that the attacker can still perform control flow hijacking attacks without knowing the source code.

[0033] Step 2, extract the gadgets instruction fragments in the program to be protected and the system library file

[0034] To extract the gadgets instruction fragments in the program to be protected and the library file, an existing tool can be used, such as the mona plug-in. The mona plug...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an ROP (Return-Oriented Program) protection method based on an attack tree and belongs to the field of software security of computers. The ROP protection method comprises the following steps: extracting gadgets instruction segments from a program to be protected and a system library file; determining the type of each extracted gadgets instruction segment, and selecting a plurality of sensitive system functions; carrying out attack modeling by utilizing the extracted gadgets instruction segments through a method of constructing the attack tree, and analyzing all attack methods to obtain key gadgets; finally, protecting the key gadgets. The program is protected by utilizing an attack modeling manner, so that the difficulty that an attacker hijacks a control flow is enhanced and the protection efficiency is improved, and finally, the program control flow is safer.

Description

technical field [0001] The invention belongs to the field of computer software security, and relates to a Return-Oriented Program (ROP) attack technology in response to control flow hijacking, in particular to an attack tree-based ROP protection method. Background technique [0002] Today's software has penetrated into all aspects of life, and plays an increasingly important role in people's diet, travel, transportation and other fields. Control flow hijacking attack is an important threat to software security, how to enhance the protection ability of software has become an important work. [0003] In the prior art, DEP and ASLR are usually used to deal with control flow hijacking attacks. DEP prevents the memory page from being both writable and executable by setting the attributes of the program memory page, so that the method of using the writable page to attack fails. The purpose of ASLR is to randomize the address space of the program, so that the address space obtain...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/12
CPCG06F21/12
Inventor 汤战勇吕留东张恒李政桥房鼎益陈晓江周祥龚晓庆刘方圆陈锋
Owner NORTHWEST UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com