Computer Science, 2020, Vol. 47, Issue (6): 284-293. doi: 10.11896/jsjkx.190700109
Special Issue: Information Security
JIANG Chu, WANG Yong-jie