【打印本页】      【下载PDF全文】   View/Add Comment  Download reader   Close
←前一篇|后一篇→ 过刊浏览    高级检索
本文已被:浏览 10005次   下载 8663 本文二维码信息
码上扫一扫!
内存数据污染攻击和防御综述
马梦雨,陈李维,孟丹
分享到: 微信 更多
(中国科学院信息工程研究所, 北京 中国 100093;中国科学院大学网络空间安全学院, 北京 中国 100049)
摘要:
内存数据被污染往往是程序漏洞被利用的本质所在,从功能角度把内存数据划分为控制相关和非控制相关,由此引出控制流劫持攻击和非控制数据攻击。两者危害程度相当,前者因利用成本较低而成为主流,但随着控制流劫持防御方法的不断完善,非控制数据攻击逐渐被重视。研究者先后在顶级会议上提出了数据导向攻击得自动化利用框架Data-oriented Exploits (DOE)以及图灵完备性地证明Data-oriented Programming (DOP),使得非控制数据攻击成为热点。本文基于这两种攻击形式,首先简化内存安全通用模型,并对经典内存数据污染攻击和防御的原理进行分析,其次分别论述新型控制流劫持和非控制数据攻击与防御的研究现状,最后探讨内存安全领域未来的研究方向,并给出两者协作攻击和防御的可能方案。
关键词:  内存数据污染  内存安全通用模型  控制流劫持攻击  非控制数据攻击  协作攻击和防御
DOI:10.19363/j.cnki.cn10-1380/tn.2017.10.007
Received:March 24, 2017Revised:May 08, 2017
基金项目:国家自然科学基金(61602469)资助。
A Survey of Memory Corruption Attack and Defense
MA Mengyu,CHEN Liwei,MENG Dan
Institute of Information Engineering, Chinese Academy of Science, Beijing 100093, China;School of Cyber Security, University of Chinese Academy of Science, Beijing 100049, China
Abstract:
Memory corruption is one of the important research about computer security, and it's the essence of programs being exploited. Memory data is divided into control-related and non-control related from the angle of function, which leads to control flow hijacking attacks and non-control data attacks. The threats of both are almost the same. The former became mainstream because of the lower costs. With the continuous improvement of control flow hijacking defense methods, non-control data attacks are valued gradually. Researchers have presented automatic generation of Data-oriented Exploits (DOE) and Turing-complete Data-oriented Programming (DOP) at the top-level meeting. This paper simplifies the general model of memory security based on the two types of attacks. We analyze the principles of classic memory corruption, and summary its research status systematically by introducing new control flow hijacking and non-control data attack and defense. Then we discuss future research direction of memory security, and give the possible schemes of collaborative attack and defense.
Key words:  Memory corruption  generic memory security model  control flow hijack  non-control data attack  collaborative attack and defense