| Subject: | 计算机科学技术基础学科::数据安全与计算机安全
; 计算机系统结构::计算机系统设计
; 计算机软件::操作系统与操作环境
; 计算机软件::程序设计及其语言
; 计算机软件::编译系统
; 计算机软件::软件工程
|
| Title: | HyperCrop: A Hypervisor-Based Countermeasure for Return Oriented Programming |
| Author: | Jun Jiang
; Xiaoqi Jia
; Dengguo Feng
; Shengzhi Zhang
; Peng Liu
|
| Source: | Lecture Notes in Computer Science, 2011, Volume 7043/2011 (Proceedings of the 13th International Conference on Information and Communications Security)
|
| Conference Name: | International Conference on Information and Communications Security
|
| Conference Date: | 2011/11/23-2011/11/26
|
| Issued Date: | 2011-11
|
| Conference Place: | Friendship Hotel, Haidian District, Beijing, China
|
| Keyword: | Return oriented programming
; Hypervisor-based security
; Hardware assisted virtualization
|
| Related URLs: | 查看原文
|
| Publisher: | Springer-Verlag
|
| Publish Place: | Berlin Heidelberg
|
| Indexed Type: | CPCI(ISTP)
; EI
|
| Cooperation Status: | 国际
|
| ISSN: | 0302-9743
|
| ISBN: | 978-3-642-25242-6
|
| Abstract: | Return oriented programming (ROP) has recently caught great attention of both academia and industry. It reuses existing binary code instead of injecting its own code and is able to perform arbitrary computation due to its Turing-completeness. Hence, It can successfully bypass state-of-the-art code integrity mechanisms such as NICKLE and SecVisor. In this paper, we present HyperCrop, a hypervisor-based approach to counter such attacks. Since ROP attackers extract short instruction sequences ending in ret called “gadgets” and craft stack content to “chain” these gadgets together, our method recognizes that the key characteristics of ROP is to fill the stack with plenty of addresses that are within the range of libraries (e.g. libc). Accordingly, we inspect the content of the stack to see if a potential ROP attack exists. We have implemented a proof-of-concept system based on the open source Xen hypervisor. The evaluation results exhibit that our solution is effective and efficient. |
| Language: | 英语
|
| Content Type: | 会议论文
|
| URI: | http://ir.iscas.ac.cn/handle/311060/14506
|
| Appears in Collections: | 信息安全国家重点实验室_会议论文
|
| File Name/ File Size |
Content Type |
Version |
Access |
License |
|
|---|
| fulltext.pdf(280KB) | -- | -- | 限制开放 | | 联系获取全文 |
|
| Recommended Citation: | |
Jun Jiang,Xiaoqi Jia,Dengguo Feng,et al. HyperCrop: A Hypervisor-Based Countermeasure for Return Oriented Programming[C]. 见:International Conference on Information and Communications Security. Friendship Hotel, Haidian District, Beijing, China. 2011/11/23-2011/11/26.http://link.springer.com/chapter/10.1007%2F978-3-642-25243-3_29.
|
|
|
