A-R漏洞:基于长序列的自动ROP漏洞

2014 IEEE Eighth International Conference on Software Security and Reliability-Companion Pub Date : 2014-06-30 DOI:10.1109/SERE-C.2014.22

Chao Yang, Tao Zheng, Zhitian Lin

{"title":"A-R漏洞:基于长序列的自动ROP漏洞","authors":"Chao Yang, Tao Zheng, Zhitian Lin","doi":"10.1109/SERE-C.2014.22","DOIUrl":null,"url":null,"abstract":"More attention has been paid to program security since ROP had been proposed. An ROP defence scheme based on detecting frequent set sequences was designed in 2009 and it was proved an useful way to defend most ROP attacks. However, this scheme was bypassed by Lgadget, which makes use of long ret sequences and was proposed by J Cao in 2013. Based on J Cao's work, this paper improves the Lgadgets and designs a frame work automatically distributing gadgets addresses into the stack to trigger an ROP exploit. Our work includes turing-complete gadgets gathering, definition and compilation of upper level language, and automated linking and chaining of the gadgets in the stack. We demonstrate the viability and effectiveness of this kind of automatic exploit.","PeriodicalId":373062,"journal":{"name":"2014 IEEE Eighth International Conference on Software Security and Reliability-Companion","volume":"5 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A-R Exploit: An Automatic ROP Exploit Based on Long Sequence\",\"authors\":\"Chao Yang, Tao Zheng, Zhitian Lin\",\"doi\":\"10.1109/SERE-C.2014.22\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"More attention has been paid to program security since ROP had been proposed. An ROP defence scheme based on detecting frequent set sequences was designed in 2009 and it was proved an useful way to defend most ROP attacks. However, this scheme was bypassed by Lgadget, which makes use of long ret sequences and was proposed by J Cao in 2013. Based on J Cao's work, this paper improves the Lgadgets and designs a frame work automatically distributing gadgets addresses into the stack to trigger an ROP exploit. Our work includes turing-complete gadgets gathering, definition and compilation of upper level language, and automated linking and chaining of the gadgets in the stack. We demonstrate the viability and effectiveness of this kind of automatic exploit.\",\"PeriodicalId\":373062,\"journal\":{\"name\":\"2014 IEEE Eighth International Conference on Software Security and Reliability-Companion\",\"volume\":\"5 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-06-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 IEEE Eighth International Conference on Software Security and Reliability-Companion\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SERE-C.2014.22\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE Eighth International Conference on Software Security and Reliability-Companion","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SERE-C.2014.22","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

自ROP被提出以来，程序安全性受到了越来越多的关注。2009年设计了一种基于检测频繁集序列的ROP防御方案，并被证明是防御大多数ROP攻击的有效方法。然而，该方案被Lgadget绕过，该方案利用了长ret序列，由J Cao在2013年提出。在曹俊的基础上，改进了lgadget，设计了一个框架，将gadget地址自动分配到堆栈中，从而触发ROP攻击。我们的工作包括图完整的小工具收集，上层语言的定义和编译，以及堆栈中小工具的自动链接和链接。我们证明了这种自动攻击的可行性和有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A-R Exploit: An Automatic ROP Exploit Based on Long Sequence

More attention has been paid to program security since ROP had been proposed. An ROP defence scheme based on detecting frequent set sequences was designed in 2009 and it was proved an useful way to defend most ROP attacks. However, this scheme was bypassed by Lgadget, which makes use of long ret sequences and was proposed by J Cao in 2013. Based on J Cao's work, this paper improves the Lgadgets and designs a frame work automatically distributing gadgets addresses into the stack to trigger an ROP exploit. Our work includes turing-complete gadgets gathering, definition and compilation of upper level language, and automated linking and chaining of the gadgets in the stack. We demonstrate the viability and effectiveness of this kind of automatic exploit.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2014 IEEE Eighth International Conference on Software Security and Reliability-Companion

自引率

0.00%

发文量