| 基于ARM平台的ROP攻击及防御技术 |
| |
| 引用本文: | 钱逸,王轶骏,薛质.基于ARM平台的ROP攻击及防御技术[J].信息安全与通信保密,2012(10):75-77. |
| |
| 作者姓名: | 钱逸 王轶骏 薛质 |
| |
| 作者单位: | 上海交通大学信息安全学院,上海,200240 |
| |
| 基金项目: | 国家自然科学基金资助项目 |
| |
| 摘 要: | 随着智能手机领域的发展,几乎所有智能手机及平板电脑都采用了ARM架构,在此平台上的安全问题也越来越受到研究者的关注。X86平台上流行的返回导向编程被引入到了ARM平台上。通过研究总结X86平台上返回导向编程的攻击和防御机制,给出了该攻击移植到ARM平台上的技术细节,包括具体实现方式和gadget搜索算法的差异性,通过自动构建gadgets链加速Exploit开发,最后提出了一种系统库沙盒技术来防御此攻击。
|
| 关 键 词: | 返回导向编程 ARM架构 gadget搜索 系统库沙盒 |
ROP Attack and Defense Technology based on ARM |
| |
| QIAN Yi,WANG Yi-jun,XUE Zhi.ROP Attack and Defense Technology based on ARM[J].China Information Security,2012(10):75-77. |
| |
| Authors: | QIAN Yi WANG Yi-jun XUE Zhi |
| |
| Institution: | (School of Information Security, Shanghai Jiaotong University, Shanghai 200240, China) |
| |
| Abstract: | With the development of mobile-phone field, ARM architecture is usually used in the mobile-phone and tablet computer, and the security issues on ARM platform always attract much attention from the researchers. ROP, a popular attack method on X86 is planted into ARM. This paper analyzes the different ROP defense methods on X86, presents the technical details of ROP attack, including specific implementation and gadgets search algorithm on ARM. Finally, a library sandbox technology is suggested to defense this kind of attack and secure the system. |
| |
| Keywords: | return-oriented programming ARM architecture gadget search library sandbox |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
