{"title":"rop++:针对Linux操作系统的增强rop++攻击检测框架","authors":"Vahid Moula, Salman Niksefat","doi":"10.1109/CyberSecPODS.2017.8074849","DOIUrl":null,"url":null,"abstract":"A major security challenge for today's computer software is buffer overflow and other memory-related attacks. To exploit buffer overflow vulnerabilities in presence of the classical defense mechanisms such as write-xor-execute, attackers take advantage of code reuse attacks. The code reuse attacks allow an adversary to perform arbitrary operations on a victim's system by constructing a chain of small code sequences called gadgets that are present in vulnerable program's memory. In order to remedy code reuse attacks, many defense approaches have been proposed, each using a different mechanism for detecting attacks and having its own merits and downsides. In this paper, we analyze and scrutinize one of the most influential Linux-based defense mechanisms called ROPecker. Our analysis shows that ROPecker has weaknesses that may allow an attacker to bypass detection. Then we propose ROPK++ which by adding additional integrity checks, fixes the weaknesses in ROPecker and offers a more effective defensive approach against code reuse attacks in Linux-based systems. We compare the proposed approach with ROPecker in terms of security features and performance overhead and show its superiority and advantages.","PeriodicalId":203945,"journal":{"name":"2017 International Conference on Cyber Security And Protection Of Digital Services (Cyber Security)","volume":"47 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"ROPK++: An enhanced ROP attack detection framework for Linux operating system\",\"authors\":\"Vahid Moula, Salman Niksefat\",\"doi\":\"10.1109/CyberSecPODS.2017.8074849\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A major security challenge for today's computer software is buffer overflow and other memory-related attacks. To exploit buffer overflow vulnerabilities in presence of the classical defense mechanisms such as write-xor-execute, attackers take advantage of code reuse attacks. The code reuse attacks allow an adversary to perform arbitrary operations on a victim's system by constructing a chain of small code sequences called gadgets that are present in vulnerable program's memory. In order to remedy code reuse attacks, many defense approaches have been proposed, each using a different mechanism for detecting attacks and having its own merits and downsides. In this paper, we analyze and scrutinize one of the most influential Linux-based defense mechanisms called ROPecker. Our analysis shows that ROPecker has weaknesses that may allow an attacker to bypass detection. Then we propose ROPK++ which by adding additional integrity checks, fixes the weaknesses in ROPecker and offers a more effective defensive approach against code reuse attacks in Linux-based systems. We compare the proposed approach with ROPecker in terms of security features and performance overhead and show its superiority and advantages.\",\"PeriodicalId\":203945,\"journal\":{\"name\":\"2017 International Conference on Cyber Security And Protection Of Digital Services (Cyber Security)\",\"volume\":\"47 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-06-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 International Conference on Cyber Security And Protection Of Digital Services (Cyber Security)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CyberSecPODS.2017.8074849\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 International Conference on Cyber Security And Protection Of Digital Services (Cyber Security)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CyberSecPODS.2017.8074849","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
ROPK++: An enhanced ROP attack detection framework for Linux operating system
A major security challenge for today's computer software is buffer overflow and other memory-related attacks. To exploit buffer overflow vulnerabilities in presence of the classical defense mechanisms such as write-xor-execute, attackers take advantage of code reuse attacks. The code reuse attacks allow an adversary to perform arbitrary operations on a victim's system by constructing a chain of small code sequences called gadgets that are present in vulnerable program's memory. In order to remedy code reuse attacks, many defense approaches have been proposed, each using a different mechanism for detecting attacks and having its own merits and downsides. In this paper, we analyze and scrutinize one of the most influential Linux-based defense mechanisms called ROPecker. Our analysis shows that ROPecker has weaknesses that may allow an attacker to bypass detection. Then we propose ROPK++ which by adding additional integrity checks, fixes the weaknesses in ROPecker and offers a more effective defensive approach against code reuse attacks in Linux-based systems. We compare the proposed approach with ROPecker in terms of security features and performance overhead and show its superiority and advantages.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
