Journal on Communications, 2021, Vol. 42, Issue 1: 37-47. doi: 10.11959/j.issn.1000-436x.2021013
Chuanxing PAN1, Zheng ZHANG1, Bolin MA2, Yuan YAO1, Xinsheng JI2
Revised: 2020-11-05
Online: 2021-01-25
Published: 2021-01-01
Chuanxing PAN, Zheng ZHANG, Bolin MA, Yuan YAO, Xinsheng JI. Method against process control-flow hijacking based on mimic defense[J]. Journal on Communications, 2021, 42(1): 37-47.
| Attack type | Exploitation technique | Pwn challenge name | Challenge source | Heterogeneity method | Redundancy | Defended? |
| --- | --- | --- | --- | --- | --- | --- |
| Stack attack | ret2text | ret2text | Bamboofox ctf | ASLR+PIE | 2 | √ |
| Stack attack | ret2libc | ret2libc | Bamboofox ctf | ASLR+Canary | 2 | √ |
| Stack attack | ret2syscall | ret2syscall | Bamboofox ctf | ASLR+PIE | 2 | √ |
| Stack attack | Ret2_dll_runtime_resolve | Pwn200 | XDCTF 2015 | ASLR+PIE+Canary | 2 | √ |
| Heap attack | Use after free | Lab 10 hacknote | HITCON-training | ASLR+PIE | 2 | √ |
| Heap attack | Heap overflow | stkof | 2014 HITCON | ASLR+PIE | 2 | √ |
| Heap attack | Unlink attack | Note2 | 2016 ZCTF | ASLR+PIE | 2 | √ |
| Heap attack | Fastbin attack | Oreo | 2014 hack.lu | ASLR+PIE | 2 | √ |
| Heap attack | House of einherjar | Tinypad | 2016 Seccon | ASLR+PIE | 2 | √ |
| Heap attack | House of Roman | | Romanking98 | ASLR+PIE | 2 | √ |
| Heap attack | House of force | Bcloud | 2016 BCTF | ASLR+PIE | 2 | √ |
| Heap attack | House of orange | | CTF wiki | ASLR+PIE | 2 | √ |
| Heap attack | House of lore | | CTF wiki | ASLR+PIE | 2 | √ |
| Heap attack | House of rabbit | | CTF wiki | ASLR+PIE | 2 | √ |
| I/O file attack | Vtable hijacking | Pwn450 | Donghua Cup 2016 | ASLR+PIE | 2 | √ |
| Benchmark sample | n=1 | n=2 | n=3 | n=4 | n=5 |
| --- | --- | --- | --- | --- | --- |
| 401.bzip2 | 0.06% | 1.03% | 2.18% | 4.34% | 10.11% |
| 403.gcc | 1.08% | 8.17% | 16.78% | 26.87% | 41.57% |
| 445.gobmk | 0.09% | 1.39% | 2.50% | 5.02% | 13.19% |
| 458.sjeng | 0.08% | 0.70% | 1.17% | 2.20% | 7.75% |
| 464.h264ref | 0.07% | 0.89% | 1.25% | 3.03% | 10.52% |
| 471.omnetpp | 0.79% | 12.51% | 22.27% | 33.67% | 49.48% |
| 473.astar | 0.17% | 4.35% | 8.72% | 15.32% | 26.50% |
| 483.xalancbmk | 0.79% | 12.36% | 24.58% | 38.57% | 57.52% |