Code reuse attach detection method based on virtual function table inheritance relation

A technology of virtual function table and inheritance relationship, applied in error detection/correction, electrical digital data processing, software testing/debugging, etc., can solve the problems of high performance overhead, low accuracy, poor generality, etc. speed, improved accuracy

Active Publication Date: 2016-10-12
NANJING UNIV
View PDF2 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] In view of the problems of poor versatility, low accuracy and high performance overhead in the detection process of the current code reuse att

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Code reuse attach detection method based on virtual function table inheritance relation
  • Code reuse attach detection method based on virtual function table inheritance relation
  • Code reuse attach detection method based on virtual function table inheritance relation

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0042] The following description and drawings sufficiently illustrate specific embodiments of the invention to enable those skilled in the art to practice them. Other embodiments may incorporate structural, logical, electrical, process, and other changes. The examples represent only possible variations. Unless expressly required, individual components and functions are optional and the order of operations may vary. Portions and features of some embodiments may be included in or substituted for those of other embodiments.

[0043] like figure 1 As shown, in some illustrative embodiments, a method for detecting code reuse attacks based on virtual function table inheritance relationship is provided, including:

[0044] 101: Preprocessing. The executable file is preprocessed to generate an intermediate language file, including: using the tool toil of the binary program behavior monitoring and analysis platform, taking the executable file as input, disassembling and converting ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a code reuse attach detection method based on virtual function table inheritance relation; the method comprises the following steps: pretreatment; virtual function invoke point identification; virtual function table identification; virtual function table inheritance relation identification; protection detection. The method can analyze an executable file, can carry out control flow integrity protection on virtual function invoke points in the code according to the virtual function table inheritance relation, can detect the code reuse attach, can prevent the conventional detection strategy that uses source codes to obtain a valid virtual function set or takes all virtual functions as valid set, thus providing better detection precision and speed, improving code reuse attach detection accuracy, versatility and efficiency.

Description

technical field [0001] The invention belongs to the technical field of code reuse attack detection methods, in particular to a code reuse attack detection method based on virtual function table inheritance relationship. Background technique [0002] The C++ language supports dynamic binding, and there are a large number of indirect jumps generated by virtual function calls in the code, which are easily exploited by attackers, and code reuse attacks do not need to inject attack code, which has good concealment and graphics The complete and flexible computing power brings great harm to the security of the user's computer system. Integrity protection for the control flow of virtual function call points is one of the important means to detect code reuse attacks. However, the current code reuse attack detection methods have shortcomings such as limited application range, inaccuracy, and large time overhead during the detection process, which affect the applicability of the detec...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F11/36
CPCG06F11/3644G06F11/366G06F11/3688
Inventor 曾庆凯朱伟
Owner NANJING UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap