[1] |
COWAN C , WAGLE P , PU C ,et al. Buffer overflows:attacks and defenses for the vulnerability of the decade[C]// DARPA Information Survivablity Conference and Exception. Piscataway:IEEE Press, 2000: 119-129.
|
[2] |
王丰峰, 张涛, 徐伟光 ,等. 进程控制流劫持攻击与防御技术综述[J]. 信息安全学报, 2019,5(6): 10-20.
|
|
WANG F F , ZHANG T , XU W G ,et al. Overview of control-flow hijacking attack and defense techniques for process[J]. Chinese Journal of Network and Information Security, 2019,5(6): 10-20.
|
[3] |
MITRE. 2020 CWE top 25 most dangerous software errors[R].(2020-08-20) [2020-08-26]
|
[4] |
VEN A . New security enhancements in red hat enterprise linux v.3,update 3[R]. 2004.
|
[5] |
COWAN C , PU C , MAIER D ,et al. Stackguard:automatic adaptive detection and prevention of buffer-overflow attacks[J]. Usenix Security, 1998,98: 63-78.
|
[6] |
PaX Team. PaX ASLR[R]. 2003.
|
[7] |
ROEMER R , BUCHANAN E , SHACHAM H ,et al. Return-oriented programming:systems,languages,and applications[J]. ACM Transactions on Information and System Security, 2012,15(1): 1-34.
|
[8] |
乔向东, 郭戎潇, 赵勇 . 代码复用对抗技术研究进展[J]. 网络与信息安全学报, 2018,4(3): 1-12.
|
|
QIAO X D , GUO R X , ZHAO Y . Research progress in code reuse attacking and defending[J]. Chinese Journal of Network and Information Security, 2018,4(3): 1-12.
|
[9] |
邢骁, 陈平, 丁文彪 ,等. BIOP:自动构造增强型ROP攻击[J]. 计算机学报, 2014,37(5): 1111-1123.
|
|
XING X , CHENG P , DING W B ,et al. BIOP:automatic construction of enhanced ROP attack[J]. Chinese Journal of Computers, 2014,37(5): 1111-1123.
|
[10] |
陈振伟, 孙歆 . 使用ROP技术突破Linux的NX防护研究[J]. 网络空间安全, 2018,9(2): 64-69.
|
|
CHEN Z W , SUN X . Research on bypassing the NX protection of Linux with ROP[J]. Cyberspace Security, 2018,9(2): 64-69.
|
[11] |
EVTYUSHKIN D , PONOMAREV D , ABU-GHAZALEH N . Jump over ASLR:attacking branch predictors to bypass ASLR[C]// IEEE/ACM International Symposium on Microarchitecture. New York:ACM Press, 2016: 1-13.
|
[12] |
武成岗, 李建军 . 控制流完整性的发展历程[J]. 中国教育网络, 2016(4): 52-55.
|
|
WU C C , LI J J . The evolution of control flow integrity[J]. China Education Network, 2016(4): 52-55.
|
[13] |
SAYEED S , MARCO-GISBERT H . On the effectiveness of control-flow integrity against modern attack techniques[M]. Berlin: Springer, 2019.
|
[14] |
HU H , SHINDE S , ADRIAN S ,et al. Data-oriented programming:on the expressiveness of non-control data attacks[C]// 2016 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2016: 969-986.
|
[15] |
邬江兴 . 网咯空间内生安全——拟态防御与广义鲁棒控制(上册)[M]. 北京: 科学出版社, 2020.
|
|
WU J X . Endogenous security of cyber space:mimic defense and generalized robust control (volume 1)[M]. Beijing: Science Press, 2020.
|
[16] |
邬江兴 . 网咯空间内生安全——拟态防御与广义鲁棒控制(下册)[M]. 北京: 科学出版社, 2020.
|
|
WU J X . Endogenous security of cyber space:mimic defense and generalized robust control (volume 2)[M]. Beijing: Science Press, 2020.
|
[17] |
邬江兴 . 网络空间拟态防御研究[J]. 信息安全学报, 2016,1(4): 1-10.
|
|
WU J X . Research on cyber mimic defense[J]. Journal of Cyber Security, 2016,1(4): 1-10.
|
[18] |
仝青, 张铮, 张为华 ,等. 拟态防御 Web 服务器设计与实现[J]. 软件学报, 2017,28(4): 883-897.
|
|
TONG Q , ZHANG Z , ZHANG W H ,et al. Design and implemention of mimic defense Web server[J]. Journal of Software, 2017,28(4): 883-897.
|
[19] |
张铮, 马博林, 邬江兴 . Web 服务器拟态防御原理验证系统测试与分析[J]. 信息安全学报, 2016,2(1): 13-28.
|
|
ZHANG Z , MA B L , WU J X . The test and analysis of prototype of mimic defense in Web servers[J]. Journal of Cyber Security, 2017,2(1): 13-28.
|
[20] |
曾永瑞, 李喆 . Linux 二进制漏洞利用——突破系统防御的关键技术[J]. 信息安全研究, 2018,4(9): 806-818.
|
|
ZENG Y R , LI Z . Linux binary exploit——The key technology of breaking through the system defense[J]. Journal of Information Security Research, 2018,4(9): 806-818.
|
[21] |
裴中煜, 张超, 段海新 . Glibc堆利用的若干方法[J]. 信息安全学报, 2018,3(1): 1-15.
|
|
PEI Z Y , ZHANG C , DUAN H X . Serval methods of exploiting glic heap[J]. Journal of Cyber Security, 2018,3(1): 1-15.
|
[22] |
第三届“强网”拟态防御国际精英挑战赛在南京开幕[N]. 2020-06-19.
|
|
The 3rd “strong net” mimic defense international elite challenge opens in Nanjing[N]. 2020-06-19.
|
[23] |
邬江兴 . 加快推进网络安全学科竞赛创新发展[N]. 解放军报, 2020-06-19.
|
|
WU J X . Accelerate the innovation and development of cybersecurity discripline competition[N]. PLA Daily, 2020-06-19.
|
[24] |
MARTN A , . Control-flow integrity[C]// Proceedings of the 12th ACM Conference on Computer and Communications Security. New York:ACM Press, 2005: 340-353.
|
[25] |
PAPPAS V , POLYCHRONAKIS M , KEROMYTIS A D . Transparent ROP exploit mitigation using indirect branch tracing[C]// Usenix Conference on Security. Berkeley:USENIX Association, 2013: 447-462.
|
[26] |
COUDRAY T , FONTAINE A , CHIFFLIER P . PICON:control flow integrity on LLVM IR[C]// Symposium on Security of Information on and Communication Technology.[S.n.:s.l.], 2015: 1-6.
|
[27] |
帕尔哈提江·斯迪克, 马建峰, 孙聪 . 一种面向二进制的细粒度控制流完整性方法[J]. 计算机科学, 2019,46(S2): 417-420,432.
|
|
SIDIKE PA-ER H T J , MA J F , SUN C . Fine-graine control flow integrity method on binaries[J]. Computer Science, 2019,46(S2): 417-420,432.
|
[28] |
CHENG Y , ZHOU Z , MIAO Y ,et al. ROPecker:a generic and practical approach for defending against ROP attack[C]// Network and Distributed System Security Symposium.[S.n.:s.l.], 2014: 1-14.
|
[29] |
FENG L , HUANG J , HU J ,et al. FastCFI:real-time control flow integrity using FPGA without code instrumentation[C]// International Conference on Runtime Verification. Berlin:Springer, 2019: 221-238.
|
[30] |
KAWADA T , HONDA S , MATSUBARA Y ,et al. TZmCFI:RTOS-aware control-flow integrity using trustzone for Armv8-M[J]. International Journal of Parallel Programming, 2019,doi:10.1007/s10766-020-00673-z.
|