[1] MICROSOFT. A detailed description of the data execution prevention (DEP) feature in Windows XP Service Pack 2[EB/OL].
[2] THE PaX TEAM. PaX project[EB/OL].
[3] DESIGNER S. Bugtraq: getting around non-executable stack (and fix)[EB/OL].
[4] c0ntex. Bypassing non-executable-stack during exploitation using return-to-libc[EB/OL].
[5] MCDONALD J. Defeating Solaris/SPARC non-executable stack protection[EB/OL].
[6] TIM N. non-exec stack[J]. Bugtraq, 2000.
[7] KRAHMER S. x86-64 buffer overflow exploits and the borrowed code chunks exploitation techniques[EB/OL].
[8] SHACHAM H. The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)[C]// ACM Conference on Computer and Communications Security. 2007: 552-561.
[9] ROEMER R, BUCHANAN E, SHACHAM H, et al. Return-oriented programming: Systems, languages, and applications[EB/OL].
[10] CHECKOWAY S, DAVI L, DMITRIENKO A. Return-oriented programming without returns[C]// ACM Conference on Computer and Communications Security. 2010: 559-572.
[11] CHECKOWAY S, SHACHAM H. Escape from return-oriented programming: return-oriented programming without returns (on the x86)[R]. CS2010-0954, 2010.
[12] PaX TEAM. What the future holds for PaX[EB/OL].
[13] BLETSCH T, JIANG X, FREEH V, et al. Jump-oriented programming: a new class of code reuse attack[EB/OL].
[14] CHEN P. Research on the attack and defense techniques of code reuse[D]. Nanjing: Nanjing University, 2012.
[15] XIAO X. Automatic construction of jump-oriented programming attack[D]. Nanjing: Nanjing University, 2012.
[16] XIAO X, CHEN P, DING W B, et al. BIOP: automatic construction of enhanced ROP attack[J]. Chinese Journal of Computers, 2014, 37(5): 1111-1123.
[17] YUAN P H, ZENG Q K. Universal availability of ROP-based Turing-complete computation[J]. Chinese Journal of Software, 2017, 28(10): 2583-2598.
[18] KORNAU T. Return oriented programming for the ARM architecture[D]. Bochum: Ruhr University, 2010.
[19] DAVI L. Return-oriented programming without returns on ARM[R]. Technical Report HGI-TR-2010-002, 2010.
[20] QIAN Y, WANG Y J, XUE Z. ROP attack and defense technology based on ARM[J]. Chinese Information Security and Communication Privacy, 2012, 10: 75-77.
[21] QIAN Y. ROP attack and defense technology based on ARM[D]. Shanghai: Shanghai JiaoTong University, 2012.
[22] FRANCILLON A, CASTELLUCCIA C. Code injection attacks on Harvard-architecture devices[C]// ACM Conference on Computer and Communications Security. 2008: 15-26.
[23] CHECKOWAY S, FELDMAN A J, KANTOR B, et al. Can DREs provide long-lasting security? The case of return-oriented programming and the AVC Advantage[C]// EVT/WOTE 2009. USENIX/ACCURATE/IAVoSS. 2009.
[24] BUCHANAN E, ROEMER R, SHACHAM H, et al. When good instructions go bad: generalizing return-oriented programming to RISC[C]// ACM Conference on Computer and Communications Security. 2008: 27-38.
[25] LINDNER F. Developments in Cisco IOS forensics Confidence 2.0[EB/OL].
[26] PENG G J, LIANG Y, ZHANG H G, et al. Survey on software binary code reuse technologies[J]. Chinese Journal of Software, 2017, 28(8): 2026-2045.
[27] HUND R, HOLZ T, FREILING F C. Return oriented rootkits: bypassing kernel code integrity protection mechanisms[C]// Usenix Security Symposium. 2009: 383-398.
[28] LEZ R. ARM exploitation ROPMap[C]// BlackHat. 2011.
[29] YANG C. Research and implement on an automatic ROP exploit based on long instruction sequence[D]. Nanjing: Nanjing University, 2015.
[30] LONG L D, NGUYEN T. Payload already inside: data re-use for ROP exploits[C]// Black Hack in the Box. 2010.
[31] PAYER M. String oriented programming circumventing ASLR, DEP, and other guard[C]// Chaos Communication Congress. 2011: 1-5.
[32] BITTAU A, BELAY A, MASHTIZADEH A, et al. Hacking blind[C]// IEEE Symposium on Security and Privacy. 2014: 227-242.
[33] HU H, SHINDE S, ADRIAN S, et al. Data-oriented programming: on the expressiveness of non-control data attacks[C]// The 37th IEEE Symposium on Security and Privacy. 2016: 969-986.
[34] LI J K, WANG Z, JIANG X X, et al. Defeating return-oriented rootkits with return-less kernels[C]// European Conference on Computer Systems. 2010: 195-208.
[35] ONARLIOGLU K, BILGE L, LANZI A, et al. G-free: defeating return-oriented programming through gadget-less binaries[C]// Computer Security Applications Conference. 2010: 49-58.
[36] GOKTAS E, ATHANASOPOULOS E, BOS H, et al. Out of control: overcoming control-flow integrity[C]// IEEE Symposium on Security and Privacy. 2014: 575-589.
[37] CARLINI N, WAGNER D. ROP is still dangerous: breaking modern defenses[C]// Usenix Security Symposium. 2014: 385-399.
[38] OTGONBAATAR U. Evaluating modern defenses against control flow hijacking[D]. Massachusetts Institute of Technology, 2015.
[39] WANG M H, YIN H, BHASKAR A V, et al. Binary code continent: finer-grained control flow integrity for stripped binaries[J]. Chinese Journal of Cyber Security, 2016, 1(2): 61-72.
[40] CHEN Z F, LI Q B, ZHANG P, et al. Kernel code reuse attack detection technique for Linux[J]. Chinese Journal of Software, 2017, 28(7): 1732-1745.
[41] CHENG Y Q, ZHOU Z W, YU M, et al. ROPecker: a generic and practical approach for defending against ROP attacks[C]// ISOC Network and Distributed System Security Symposium. 2014: 1-14.
[42] PAPPAS V, POLYCHRONAKIS M, KEROMYTIS A D. Transparent ROP exploit mitigation using indirect branch tracing[C]// USENIX Conference on Security. 2013: 447-462.
[43] DAVI L, SADEGHI A, WINANDY M. ROPdefender: a detection tool to defend against return-oriented programming attacks[C]// ACM Symposium on Information, Computer and Communications Security. 2011: 40-51.
[44] HISER J, NGUYEN-TUONG A, CO M, et al. ILR: where’d my gadgets go?[C]// The 2012 IEEE Symp. on Security and Privacy (SP). 2012: 571-85.
[45] WARTELL R, MOHAN V, HAMLEN K W, et al. Binary stirring: self-randomizing instruction addresses of legacy x86 binary code[C]// The 2012 ACM Conf. on Computer and Communications Security (CCS 2012). 2012: 157-168.
[46] PAPPAS V, POLYCHRONAKIS M, KEROMYTIS A D. Smashing the gadgets: Hindering return-oriented programming using in-place code randomization[C]// The 2012 IEEE Symp. on Security and Privacy (SP). 2012: 601-615.