Data flow monitoring-based code reuse attack defending method and system

A code reuse attack defense method and system based on data flow monitoring, which addresses problems such as high overhead and data protection.

Active Publication Date: 2018-05-29
HUAZHONG UNIV OF SCI & TECH
2 Cites, 20 Cited by

AI Technical Summary

Problems solved by technology

However, there are certain deficiencies and limitations in the above method:
(1) The protection granularity is the page, and since a code page contains some data, the data and code in the code page have to be separated.
(2) Instrumentation must be inserted at every control flow transfer, so the overhead is large.
(3) Only the code is protected; the data is not, including sensitive data such as pointers and return addresses. New code reuse attacks use the contents of the data (encrypted function pointers and return addresses on the stack) and are still able to guess the location of code fragments.

Embodiment Construction

[0067] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention. In addition, the technical features involved in the various embodiments of the present invention described below can be combined with each other as long as they do not constitute a conflict with each other.

[0068] This embodiment is implemented using the MPX instruction set. MPX (Memory Protection Extensions) is a special instruction set on the X86_64 platform that provides a set of bounds registers, %bnd0-%bnd3, and a set of checking instructions, including bndcl and bndcu. MPX is usually used to detect buffer overflows, out-of-bounds data accesses and similar errors, and has the characteristics of high efficiency...
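A software model of the bndcl/bndcu checks named in [0068], showing how an instrumented memory access stops a byte-by-byte read when it reaches an isolated region. This is an added illustration, not code from the patent: the memory layout, the region sizes and the names `bnd_t`, `checked_load`, `scan_until_fault` and `data_bounds` are assumptions, and the real instructions raise a #BR exception rather than returning a value.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Model of one bounds register (%bnd0-%bnd3), with inclusive bounds. */
typedef struct { uintptr_t lower, upper; } bnd_t;

/* Model of bndcl: violation when the address is below the lower bound. */
static int bndcl(bnd_t b, uintptr_t addr) { return addr < b.lower; }
/* Model of bndcu: violation when the address is above the upper bound. */
static int bndcu(bnd_t b, uintptr_t addr) { return addr > b.upper; }

/* Constructed layout: ordinary data followed directly by an isolated region. */
enum { DATA_SIZE = 64, ISOLATED_SIZE = 64 };
static uint8_t memory[DATA_SIZE + ISOLATED_SIZE];

/* Bounds that cover only the ordinary data, not the isolated region. */
bnd_t data_bounds(void) {
    bnd_t b = { (uintptr_t)memory, (uintptr_t)memory + DATA_SIZE - 1 };
    return b;
}

/* Instrumented load: both checks run before the access itself.
 * Returns 0 on success, -1 on a bounds violation (stands in for #BR). */
int checked_load(bnd_t b, const uint8_t *p, uint8_t *out) {
    uintptr_t a = (uintptr_t)p;
    if (bndcl(b, a) || bndcu(b, a))
        return -1;
    *out = *p;
    return 0;
}

/* Reads len bytes through instrumented loads and returns how many
 * were read before the first violation. */
size_t scan_until_fault(bnd_t b, const uint8_t *start, size_t len) {
    uint8_t v;
    for (size_t i = 0; i < len; i++)
        if (checked_load(b, start + i, &v) != 0)
            return i;
    return len;
}

int main(void) {
    size_t n = scan_until_fault(data_bounds(), memory, sizeof memory);
    printf("read %zu of %zu bytes before the bounds violation\n",
           n, sizeof memory);
    return 0;
}
```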

Abstract

The invention discloses a data flow monitoring-based code reuse attack defending method and system, and belongs to the technical field of system security. The method first extracts function and data information from the source code of a target program and shared library; it then analyzes the intermediate language code, identifies the memory access instructions in the target program and the shared library, instruments those instructions, and generates a function jump table and instruction relocation information. When the target program is loaded, the segments, stacks and heaps of the target program and the shared library are mapped to corresponding regions of the memory address space, and an isolation environment is set up. While the target program runs, abnormal data flow is monitored so that an attacker is prevented from searching the isolation region, which prevents code reuse attacks. The invention furthermore discloses a data flow monitoring-based code reuse attack defending system. The method and the system are suitable for code reuse attack defense on the X86_64 platform, so that the huge losses caused by such attacks can be avoided.

Description

Technical field

[0001] The invention belongs to the technical field of system security, and more specifically relates to a code reuse attack defense method and system based on data flow monitoring.

Background technique

[0002] When developers write programs, they inevitably introduce many vulnerabilities. A code reuse attack exploits such vulnerabilities to search the program's memory address space at run time for exploitable code fragments, links them into code sequences that can be executed continuously (including function sequences and instruction sequences) by modifying function pointers or return addresses, and makes the program execute these code sequences instead. Through code reuse attacks, attackers can hijack programs, obtain system privileges, and execute malicious code, which brings great hidden dangers to the security of applications and operating systems. Code reuse attacks take advantage of the following characteristics of program...

Application Information

IPC(8): G06F21/52, G06F21/56
CPC: G06F21/52, G06F21/563
Inventor: 金海, 邹德清, 刘本熙
Owner: HUAZHONG UNIV OF SCI & TECH