Detection Mechanism against Code Re-use Attack in Stack region
 Title & Authors
Kim, Ju-Hyuk; Oh, Soo-Hyun;
 Abstract
Memory-related vulnerabilities have been known as major threats to the security of computer systems. In fact, the number of attacks exploiting memory vulnerabilities has increased. Accordingly, various memory protection mechanisms have been studied and implemented in operating systems, while new attack techniques that bypass these protections have been developed. In particular, buffer overflow attacks have evolved into Return-Oriented Programming (ROP) and Jump-Oriented Programming (JOP), known as code re-use attacks, to bypass memory protection mechanisms. Thus, in this paper, I analyzed the code re-use attack techniques that have recently emerged among memory-related attacks, as well as various previously proposed detection mechanisms. Based on the results of these analyses, a mechanism that can detect various code re-use attacks at the binary level is proposed. In addition, it was verified through experiments that the proposed mechanism can detect code re-use attacks effectively.
 Keywords
Return-Oriented Programming;Jump-Oriented Programming;Code Re-use attack;
 Language
Korean
 Cited by
1. "A Study on the Detection Method of Tasks Acquiring Abnormal Privileges in Linux", 김원일; 유상현; 곽주현; 이창훈; KIPS Transactions on Computer and Communication Systems, 2014, vol. 3, no. 11, pp. 427-432