Browse > Article
http://dx.doi.org/10.5762/KAIS.2014.15.5.3121

Detection Mechanism against Code Re-use Attack in Stack region  

Kim, Ju-Hyuk (Korea Local Information Research & Development Institute)
Oh, Soo-Hyun (Division of Information Security, Hoseo University)
Publication Information
Journal of the Korea Academia-Industrial cooperation Society / v.15, no.5, 2014 , pp. 3121-3131 More about this Journal
Abstract
Vulnerabilities related to memory have been known as major threats to the security of a computer system. Actually, the number of attacks using memory vulnerability has been increased. Accordingly, various memory protection mechanisms have been studied and implemented on operating system while new attack techniques bypassing the protection systems have been developed. Especially, buffer overflow attacks have been developed as Return-Oriented Programing(ROP) and Jump-Oriented Programming(JOP) called Code Re-used attack to bypass the memory protection mechanism. Thus, in this paper, I analyzed code re-use attack techniques emerged recently among attacks related to memory, as well as analyzed various detection mechanisms proposed previously. Based on the results of the analyses, a mechanism that could detect various code re-use attacks on a binary level was proposed. In addition, it was verified through experiments that the proposed mechanism could detect code re-use attacks effectively.
Keywords
Return-Oriented Programming; Jump-Oriented Programming; Code Re-use attack;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 S. Checkoway, L. Davi, A. Dmitrienko, A.-R. Sadeghi, H. Shacham, and M. Winandy, "Return-oriented programming without returns", CCS 2010, 2010
2 H. Shacham. "The Geometry of Innocent Flesh on the Bone: Return-Into-Libc without Function Calls (on the x86)", the 14th ACM Conference on Computer and Communications Security, 2007 DOI: http://dx.doi.org/10.1145/1315245.1315313   DOI
3 Pax Project, "address space layout randomization", http://pax.grsecurity.net/docs/aslr.txt, 2003
4 Ju-Hyuk Kim, Jin-Ho Choi, Yo-Ram Lee, Soo-Hyun Oh, "Study on Return-Oriented Programming in Mac OSX", CISC-W 2011, pp. 146-149, 2011
5 T. Bletsch, X. Jiang, V. Freeh, "Jump-Oriented Programming: A New Class of Code-Reuse Attack", In CSC Technical Report TR-2010-8, NCSU, 2010
6 Piotr Bania, "Security Mitigations for Return-Oriented Programming Attacks", http://piotrbania.com/all/articles/pbania_rop_mitigations2010.pdf, 2010
7 Kaan Onarlioglu, Leyla Bilge, Andrea Lanzi, Davide Balzarotti, and Engin Kirda. G-Free : defeating return-oriented programming through gadget-less binaries. In ACSAC'10, Annual Computer Security Applications Conference, 2010.
8 P. Chen, H. Xiao, X. Shen, X. Yin, B. Mao, and L. Xie. Drop: Detecting return-oriented programming malicious code. In Lecture Notes in Computer Science, 2009.
9 Lucas Davi, Ahmad-Reza Sadeghi, Marcel Winandy, "ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks", Technical Report HGI-TR-2010-001, 2010.
10 Ju-Hyuk Kim, Yo-Ram Lee, Soo-Hyun Oh, "A detection mechanism for Jump-Oriented Programming at binary level", Journal of The Korea Institute of Information Securoty & Cryptography, vol. 22 No. 5, pp. 1069-1078, 2012.   과학기술학회마을
11 Chi-Keung Luk, Robert Cohn, Robert Muth, Harish Patil, Artur Klauser, GeoLowney, Steven Wallace, Vijay J. Reddi, and Kim Hazelwood. Pin: Building customized program analysis tools with dynamic instrumentation. In PLDI '05: Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation, volume 40, pages 190-200, New York, NY, USA, 2005
12 Mehmet Kayaalp, "Example Jump-Oriented Programming Attack", http://cs.binghamton.edu/-mkayaalp/jop.html, 2012
13 Aleph. One. "Smashing The Stack For Fun And Profit", Phrack49, 1996
14 Microsoft TechNet, "Data Execution Prevention", http://technet.microsoft.com/ko-kr/library/cc738483 (WS.10).aspxc0ntex, "Bypassing non-executable stack during exploitation using return-to-libc", http://www.infosecwriters.com/text/resources/pdf/ return-to-libc.pdf