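Graduate student: 侯均靜
Graduate student (English): Hou, Chun-Ching
Thesis title (English): ROPRD: A Solution to Detect Real-time Zero-day ROP Attacks
Advisor: 許富皓
Advisor (English): Fu-Hau Hsu
Degree: Master's
Institution: National Central University
Department: Department of Computer Science and Information Engineering
Discipline: Engineering
Field: Electrical Engineering and Computer Science
Thesis type: Academic thesis
Year of publication: 2019
Academic year of graduation: 107
Language: Chinese
Number of pages: 39
Keywords (Chinese): Buffer Overflow; Return-Oriented Programming
Keywords (English): Buffer Overflow; ROP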
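Return-Oriented Programming is a very common buffer overflow attack. The attacker gathers machine-language instructions (gadgets) from the program and uses these instruction sequences to overwrite the return address on the stack, thereby taking control of the program's execution flow.

This thesis designs a solution named ROPRD which, by modifying the Linux kernel and applying binary rewriting, achieves real-time detection of ROP attacks while affecting the system architecture and performance as little as possible.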
Return-Oriented Programming (ROP) is a common buffer-overflow attack. The attacker collects pieces of machine code in the program, called "gadgets", combines those gadgets, and changes the return address on the stack. This causes the program's execution flow to be controlled by the attacker.

We design a solution called ROPRD. By modifying the Linux kernel and using a binary rewriting tool, we can detect ROP attacks in real time without affecting the system architecture and performance.
Abstract (Chinese)
Abstract
Acknowledgements
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
Chapter 2 Background
2.1 Buffer Overflow
2.2 ROP Attacks
Chapter 3 Related Work
Chapter 4 Experiment Design and Implementation
4.1 Overall Architecture
4.2 Host Side
4.2.1 Rewriter
4.2.2 Controller
4.2.3 Analyst
4.3 Guest Side
4.3.1 PID
4.3.2 Read
4.3.3 Return Address and rbp
Chapter 5 Experimental Results and Analysis
5.1 Experimental Environment
5.2 Test Cases
5.3 Result Analysis
Chapter 6 Discussion
6.1 Limitations
6.2 Future Work
Chapter 7 Conclusion
References
Appendix A Test Programs
A.1 Overflow Detector and Appdata Collector Injected by the Rewriter
A.2 ret2shellcode
A.3 ret2syscall
A.4 ret2text
Electronic full text (Internet release date: 20240630)