ROP (return-oriented programming) on basis of Pin tools and method for dynamically detecting variant attack of ROP

A dynamic detection technology and detection algorithm, applied in instruments, electrical digital data processing, platform integrity maintenance, etc., that can solve problems such as low detection efficiency and achieve the effects of convenient deployment, strong practicability, and overcome single type

Active Publication Date: 2017-11-07
UNIV OF ELECTRONIC SCI & TECH OF CHINA

AI Technical Summary

Problems solved by technology

[0007] Based on the above technical problems, the present invention provides a dynamic detection method for ROP and


Embodiment Construction

[0032] All the features disclosed in this specification, except for mutually exclusive features and / or steps, can be combined in any manner.

[0033] The present invention will be described in detail below in conjunction with the drawings.

[0034] A dynamic detection method for ROP and its variant attacks based on the Pin tool, including the following steps:

[0035] Step 1: Use the binary Pin instrumentation tool (see Figure 1) to start the target program: PIN.EXE loads PINTOOL.DLL, and after PINTOOL.DLL is initialized the request to start the target program is returned;

[0036] Step 2: Use the binary Pin instrumentation tool to track the target program, and match the ret instruction, call instruction and jmp instruction. The binary Pin instrumentation tool includes a dynamic link library analysis module, a dynamic monitoring module, and an attack detection module;

[0037] The binary instrumentation tool Pin supports IA-32, Intel(R)64 and Intel(R) many integrated c...


Abstract

The invention belongs to the field of attack detection and discloses a Pin-tool-based method for dynamically detecting ROP (return-oriented programming) and its variant attacks. The method includes the following steps: 1, starting the target program with the binary Pin instrumentation tool; 2, tracking the target program and matching ret, call and jmp instructions; 3, if a ret instruction is matched, running detection with the ret-based detection module; if a call instruction is matched, running detection with the call-based detection module; if a jmp instruction is matched, running detection with the jmp-based detection module; 4, raising an attack alarm if a detection module detects an exception in the target program, otherwise returning to step 2. The method can dynamically detect ROP and its variant attacks, and is extremely high in practicality and universality.
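The dispatch loop of steps 2 to 4, modelled over a constructed trace as an added example; it is not the patent's code and does not call the Pin API. The page does not state what each detection module checks, so the three policies here (a shadow stack for ret, a set of known targets for indirect call and jmp) are assumptions, as are all names and addresses.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <set>
#include <vector>

enum class Kind { Call, Ret, Jmp };
// One traced control transfer (constructed model, not Pin's own types).
struct Event { Kind kind; uint64_t target; uint64_t next; bool indirect; };

struct Detector {
    std::set<uint64_t> valid;      // assumed: legitimate indirect-branch targets
    std::vector<uint64_t> shadow;  // return addresses recorded at each call

    // Assumed ret policy: must return to the address saved by the matching call.
    bool checkRet(const Event& e) {
        if (shadow.empty() || shadow.back() != e.target) return false;
        shadow.pop_back();
        return true;
    }
    // Assumed call policy: indirect calls must land on a known target.
    bool checkCall(const Event& e) {
        if (e.indirect && valid.count(e.target) == 0) return false;
        shadow.push_back(e.next);
        return true;
    }
    // Assumed jmp policy: indirect jumps must land on a known target.
    bool checkJmp(const Event& e) { return !e.indirect || valid.count(e.target) > 0; }

    // Steps 2-4: dispatch each event to its module; return the index of the
    // first event that raises an alarm, or -1 if the trace is clean.
    int run(const std::vector<Event>& trace) {
        for (std::size_t i = 0; i < trace.size(); ++i) {
            const Event& e = trace[i];
            bool ok = e.kind == Kind::Ret ? checkRet(e)
                    : e.kind == Kind::Call ? checkCall(e) : checkJmp(e);
            if (!ok) return static_cast<int>(i);
        }
        return -1;
    }
};

// Constructed traces; every address below is illustrative only.
int scan(const std::vector<Event>& t) { Detector d{{0x402000, 0x403000}, {}}; return d.run(t); }
std::vector<Event> benign() { return {{Kind::Call, 0x402000, 0x401015, false}, {Kind::Jmp, 0x402020, 0, false}, {Kind::Ret, 0x401015, 0, false}, {Kind::Call, 0x403000, 0x401022, true}, {Kind::Ret, 0x401022, 0, false}}; }
std::vector<Event> retAnomaly() { return {{Kind::Call, 0x402000, 0x401015, false}, {Kind::Ret, 0x405a10, 0, false}}; }
std::vector<Event> jmpAnomaly() { return {{Kind::Call, 0x402000, 0x401015, false}, {Kind::Jmp, 0x405a13, 0, true}}; }

int main() { std::printf("%d %d %d\n", scan(benign()), scan(retAnomaly()), scan(jmpAnomaly())); }
```

A strict shadow-stack check like this one also flags legitimate non-local returns such as `longjmp` and exception unwinding, so a deployed detector needs an allowance for them.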

Description

Technical field

[0001] The invention relates to a detection technology for ROP attacks, in particular to a dynamic detection method for ROP and its variant attacks based on a Pin tool, which is used for detecting ROP and its variant attacks.

Background technique

[0002] There are many types of network security, such as: network physical security, network topology security, network system security, application system security, and network management security. However, the present invention relates to application system security. All kinds of software running on the computer are manually written. Due to human limitations, the written software has more or less loopholes. Buffer overflow vulnerabilities, heap overflow vulnerabilities, and local privilege escalation vulnerabilities are still common. Once these vulnerabilities are discovered and used by people with ulterior motives, the harm they bring cannot be underestimated. In order to deal with the harm caused by loopholes, expe...


Application Information

IPC(8): G06F21/52, G06F21/56
CPC: G06F21/52, G06F21/566
Inventor: 张小松, 牛伟纳, 曹思宇
Owner: UNIV OF ELECTRONIC SCI & TECH OF CHINA