Chinese Journal of Network and Information Security ›› 2018, Vol. 4 ›› Issue (3): 1-12.doi: 10.11959/j.issn.2096-109x.2018017

• Comprehensive Reviews •     Next Articles

Research progress in code reuse attacking and defending

Xiangdong QIAO1(),Rongxiao GUO1,Yong ZHAO2,3   

  1. 1 Information and Navigation College,Air Force Engineering University,Xi’an 710077,China
    2 Department of Computer Science and Technology,Peking University,Beijing 100871,China
    3 Jiangnan Institute of Computing Technology,Wuxi 214083,China
  • Revised:2018-01-26 Online:2018-03-15 Published:2018-04-09
  • Supported by:
    The National Natural Science Foundation of China(61672061)

Abstract:

Code reuse attacks make use of binary code existed in the attacked target to perform attack action,such technique breaks out the traditional assumption that malicious behavior always be introduced from the outside,it is representative sample of the advanced memory corruption techniques and also the focus of attention in the software security research field.The generation background and implementation principle were described firstly,and then the recent progresses of the technique,including improvement and variants,implementation methods under the different architecture platforms,automatic construction and important extension including blind ROP and non-control data attacks based on code reuse attacks,were introduced respectively.Various defense mechanisms and possible counter-defense methods for code reuse attacks were also discussed.Finally a perspective of the future work in this research area was discussed.

Key words: software security, code reuse, return-oriented programming (ROP), research progress

CLC Number: 

No Suggested Reading articles found!