Computer Science, 2022, Vol. 49, Issue 10: 279-284. doi: 10.11896/jsjkx.220500091

• Information Security •

Defense Method Against Code Reuse Attack Based on Real-time Code Loading and Unloading

HOU Shang-wen, HUANG Jian-jun, LIANG Bin, YOU Wei, SHI Wen-chang   

  1. School of Information, Renmin University of China, Beijing 100872, China
  • Received: 2022-05-11 Revised: 2022-07-23 Online: 2022-10-15 Published: 2022-10-13
  • About author: HOU Shang-wen, born in 1997, postgraduate, is a member of China Computer Federation. His main research interests include software security analysis and related topics.
    HUANG Jian-jun, born in 1986, Ph.D, assistant professor, master supervisor, is a member of China Computer Federation. His main research interests include program analysis, vulnerability detection and mobile security.
  • Supported by: National Natural Science Foundation of China (U1836209).

Abstract: In recent years, code reuse attacks have become a mainstream form of attack against binary programs. A code reuse attack such as ROP chains instruction gadgets already present in the memory space into an instruction sequence that realizes specific functionality for malicious purposes. Starting from the basic principle of code reuse attacks, this paper proposes a defense method based on real-time function loading and unloading. More specifically, the method shrinks the code space through dynamic loading and unloading, so as to reduce the attack surface and defend against code reuse. First, it extracts sufficient function information from the dependent libraries of the target program by static analysis and uses this information in the form of replacement libraries. Second, it introduces real-time loading into the Linux dynamic loader and proposes an auto-triggerable and auto-restorable loading/unloading mechanism. To reduce the high overhead caused by frequent unloading, a randomized batch unloading mechanism is designed. Finally, experiments in a real environment verify the effectiveness of the scheme against code reuse attacks and demonstrate the significance of the randomized unloading strategy.
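The trade-off the abstract describes, shrinking the resident code space versus the overhead of frequent unloading, can be made concrete with a small model. The following Python simulation is an added illustration written for this page, not the paper's implementation or its evaluation: the library of twenty function names, the call trace, the three policies and the way the batch unload is randomized (unload everything after a random number of calls) are all constructed assumptions about how a real-time loading/unloading mechanism behaves. It reports two proxies: load events (overhead) and the mean fraction of the library mapped while a call runs (the code, and hence gadget, surface left for reuse).

```python
"""Illustrative model of a resident-code-space defense against code reuse.

Constructed for this page; it is not the paper's implementation. A shared
library is modelled as a set of function names. Three policies are compared:
  static   - every function stays resident (conventional shared library)
  per_call - a function is loaded when called and unloaded right afterwards
  batch    - functions stay resident until a randomized batch unload fires
Two metrics are reported: the number of load events (a proxy for loading
overhead) and the mean fraction of the library resident while a call
executes (a proxy for the code surface an attacker could reuse).
"""
import random
from dataclasses import dataclass, field

# Constructed library and call trace (assumptions, not data from the paper).
LIBRARY = [f"f{i:02d}" for i in range(20)]
DEMO_TRACE = ["f00", "f01", "f00", "f02", "f03", "f01", "f00", "f04"] * 25


@dataclass
class Metrics:
    loads: int = 0
    # Number of resident functions observed during each call.
    resident_samples: list = field(default_factory=list)

    def mean_resident_fraction(self, library_size):
        return sum(self.resident_samples) / (len(self.resident_samples) * library_size)


class CodeSpace:
    """Tracks which library functions are currently mapped under one policy."""

    def __init__(self, functions, policy, batch_min=4, batch_max=8, seed=0):
        if policy not in ("static", "per_call", "batch"):
            raise ValueError(f"unknown policy {policy!r}")
        self.functions = set(functions)
        self.policy = policy
        # A conventional library starts fully resident; the others start empty.
        self.resident = set(self.functions) if policy == "static" else set()
        self.batch_min, self.batch_max = batch_min, batch_max
        self.rng = random.Random(seed)
        self.calls_since_unload = 0
        self.next_unload_at = self._draw_batch_size()
        self.metrics = Metrics()

    def _draw_batch_size(self):
        # Randomized batch length: how long a function stays resident is not
        # predictable, so a chain cannot be timed to a known resident window.
        return self.rng.randint(self.batch_min, self.batch_max)

    def call(self, name):
        if name not in self.functions:
            raise KeyError(f"unknown function {name!r}")
        if name not in self.resident:
            self.resident.add(name)  # real-time load on use
            self.metrics.loads += 1
        # Exposure is measured while the callee is mapped, i.e. during the call.
        self.metrics.resident_samples.append(len(self.resident))
        if self.policy == "per_call":
            self.resident.discard(name)  # unload at once: minimal surface, one load per call
        elif self.policy == "batch":
            self.calls_since_unload += 1
            if self.calls_since_unload >= self.next_unload_at:
                self.resident.clear()  # flush everything loaded since the last batch unload
                self.calls_since_unload = 0
                self.next_unload_at = self._draw_batch_size()


def simulate(policy, trace, functions=LIBRARY, batch_min=4, batch_max=8, seed=0):
    """Run a call trace under a policy; return (load events, mean resident fraction)."""
    space = CodeSpace(functions, policy, batch_min, batch_max, seed)
    for name in trace:
        space.call(name)
    return space.metrics.loads, round(space.metrics.mean_resident_fraction(len(functions)), 4)


if __name__ == "__main__":
    for policy in ("static", "per_call", "batch"):
        loads, fraction = simulate(policy, DEMO_TRACE)
        print(f"{policy:9s} loads={loads:4d} mean resident fraction={fraction:.4f}")
```

Running it shows the two extremes and the compromise: the static library keeps 100% of the code resident with no loads, per-call unloading drops the resident fraction to a single function but pays one load per call, and batch unloading with a fixed batch of one call degenerates to the per-call policy, while larger randomized batches cut the number of loads substantially at the cost of a somewhat larger resident set.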

Key words: Code reuse attack, Real-time code loading and unloading, Return oriented programming, Dynamic link library, Randomized unloading

CLC Number: TP309.5