
Research On Binary Code-level ROP Attack And Detection

Posted on: 2020-07-16
Degree: Master
Type: Thesis
Country: China
Candidate: C J Gong
GTID: 2428330596485397
Subject: Pattern Recognition and Intelligent Systems
Abstract/Summary:
With the rapid development of computers and networks, people pay more and more attention to computer security. The return-oriented programming (ROP) attack is a typical way of attacking computers by chaining together short instruction sequences ending in RET that are found in dynamic library functions. Defense mechanisms such as stack return address protection and address space layout randomization (ASLR) enhance the security of the operating system to some extent. Therefore, how to circumvent these defense mechanisms to implement ROP attacks, and how to detect ROP attacks, have attracted extensive attention from researchers.

In this paper, the ROP attack mechanism and detection methods are studied. To solve the problem of how to bypass address randomization and stack non-execution when implementing a ROP attack, a ROP attack that bypasses ASLR is proposed, and a function pointer ROP attack is implemented against the stack return address protection mechanism. Through analysis of the function pointer ROP attack, the fpdetect detection scheme is proposed, which improves the accuracy of detecting function pointer ROP attacks.

The main research work of this paper is as follows:

(1) How to bypass ASLR protection is studied. A ROP attack bypassing ASLR is implemented by returning to the _dl_runtime_resolve function to dynamically obtain the address of the DLL function.

(2) ROP attacks are implemented by modifying a function pointer through a buffer overflow vulnerability, which bypasses stack return address protection; the attacks are carried out successfully.

(3) The accuracy of detecting function pointer ROP attacks is improved. By analyzing the characteristics of calls to dynamic link library functions, and by combining static analysis with dynamic detection technology, the fpdetect detection scheme is proposed. Experiments verify the effectiveness of the proposed detection scheme.
Keywords/Search Tags:ROP Attack, Address Randomization, Operating System, Detection, Function Pointer