Survey on Software Binary Code Reuse Technologies

doi:10.13328/j.cnki.jos.005270

微信服务号

微信订阅号

2025-5-2- 5

Home > Archive>Volume 28, Issue 8, 2017 >2026-2045. DOI:10.13328/j.cnki.jos.005270

PDF HTML XML Export Cite reminder

Survey on Software Binary Code Reuse Technologies
DOI:
                        10.13328/j.cnki.jos.005270
                    
Author:
                        PENG Guo-JunPENG Guo-Jun
Key Laboratory of Aerospace Information Security and Trust Computing(Wuhan University), Ministry of Education, Wuhan 430072, China;School of Computer, Wuhan University, Wuhan 430072, China
Find this author on CNKI
Find this author on BaiDu
Search for this author on this site
LIANG YuLIANG Yu
Key Laboratory of Aerospace Information Security and Trust Computing(Wuhan University), Ministry of Education, Wuhan 430072, China;School of Computer, Wuhan University, Wuhan 430072, China;Sangfor Technologies Inc., Shenzhen 518055, China
Find this author on CNKI
Find this author on BaiDu
Search for this author on this site
ZHANG Huan-GuoZHANG Huan-Guo
Key Laboratory of Aerospace Information Security and Trust Computing(Wuhan University), Ministry of Education, Wuhan 430072, China;School of Computer, Wuhan University, Wuhan 430072, China
Find this author on CNKI
Find this author on BaiDu
Search for this author on this site
FU Jian-MingFU Jian-Ming
Key Laboratory of Aerospace Information Security and Trust Computing(Wuhan University), Ministry of Education, Wuhan 430072, China;School of Computer, Wuhan University, Wuhan 430072, China
Find this author on CNKI
Find this author on BaiDu
Search for this author on this site

                    
Affiliation:
Clc Number:
Fund Project:United Basic Research Foundation of NSFC-General Technology (U1636107); National Natural Science Foundation of China (61332019, 61202387, 61373168); National Basic Research Program of China (973) (2014CB340600)

Article

Figures

Metrics

Reference [102]

Related [20]

Cited by

Materials

Comments

Abstract:

Within the current commercial system achitecture and software ecosystem, code reuse techniques, such as ROP (return-oriented programming), are widely adopted to exploit memory vulnerabilities. Driven by the serve situation of cyberspace security, academical and industrial communities have carried out a great amount of research on binary code reuse from both defensive and offsensive perspevtives. This paper discusses the essence and basics of binary code reuse, along with an analysis of its technique roadmap and typical attack vectors. Corresponding defences and mitigations based on control flow integrity and memory randomization are analyzed as well. Dissections on CET (control flow enforcement technology) and CFG (control flow guard), two latest industrial techniques for binary code reuse mitigation, are presented. The future of binary code reuse, including protential attack vectors and possible mitigation strategies, is also discussed at the end of this paper.

Key words:information security;information system security;software security;binary code reuse;vulnerability exploitation

Reference

[1] Mei H, Wang QX, Zhang L, Wang J. Software analysis:A road map. Chinese Journal of Computers, 2009,32(9):1697-1710(in Chinese with English abstract). http://cjc.ict.ac.cn/quanwenjiansuo/2009-9/mh.pdf[doi:10.3724/SP.J.1016.2009.01697]

[2] Chen X, Gu Q, Liu SW, Liu SL, Ni C. Survey of static software defect prediction. Ruan Jian Xue Bao/Journal of Software, 2016, 27(1):1-25(in Chinese with English abstract). http://www.jos.org.cn/1000-9825/4923.htm[doi:10.13328/j.cnki.jos.004923]

[3] Wang T. Research on binary-executable-oriented software vulnerability detection[Ph.D. Thesis]. Beijing:Peking University, 2011(in Chinese with English abstract). http://d.wanfangdata.com.cn/Thesis/Y2024928

[4] Zhang HG, Han WB, Lai XJ, Lin DD, Ma JF, Li JH. Survey on cyberspace security. Scientica Sinica Informationis, 2016,46(2):125-164(in Chinese).[doi:10.1360/N112015-00176]

[5] Zhang HG, Han WB, Lai XJ, Lin DD, Ma JF, Li JH. Survey on cyberspace security. Science China:Information Sciences, 2015, 58(11):1-43.[doi:10.1007/s11432-015-5433-4]

[6] Liang Y. Research on key techniques of software binary code reuse[Ph.D. Thesis]. Wuhan:Wuhan University, 2016(in Chinese with English abstract).

[7] Spafford EH. The Internet worm program:An analysis. ACM SIGCOMM Computer Communication Review, 1989,19(1):17-57.[doi:10.1145/66093.66095]

[8] Wei Q, Wei T, Wang JJ. The evolution of exploitation and exploit mitigation. Journal of Tsinghua University (Science and Technology), 2011,51(10):1274-1280(in Chinese with English abstract).[doi:10.16511/j.cnki.qhdxxb.2011.10.015]

[9] APPLE. iOS security guide. 2015. https://www.apple.com/business/docs/iOS_Security_Guide.pdf

[10] Miller C, Blazakis D, Daizovi D, Esser S, Lozz V, Weinmann RP. iOS Hacker's Handbook. Indianapolis:Wiley, 2012.

[11] Schwartz EJ, Avgerinos T, Brumley D. Q:Exploit hardening made easy. In:Proc. of the 20th USENIX Conf. on Security. Berkeley:USENIX Association, 2011. 25-25. http://dl.acm.org/citation.cfm?id=2028067.2028092

[12] Wkipedia. Return-Oriented programming. 2015. https://en.wikipedia.org/w/index.php?title=Return-oriented_programming&oldid=669727753

[13] Shacham H. The geometry of innocent flesh on the bone:Return-into-libc without function calls (on the x86). In:Proc. of the 14th ACM Conf. on Computer and Communications Security (CCS 2007). New York:ACM Press, 2007. 552-561.[doi:10.1145/1315245.1315313]

[14] Bletsch T, Jiang X, Freeh VW, Liang ZK. Jump-Oriented programming:A new class of code-reuse attack. In:Proc. of the 6th ACM Symp. on Information, Computer and Communications Security (ASIACCS 2011). New York:ACM Press, 2011. 30-40.[doi:10.1145/1966913.1966919]

[15] Checkoway S, Davi L, Dmitrienko A, Sadeghi AR, Shacham H, Winandy M. Return-Oriented programming without returns. In:Proc. of the 17th ACM Conf. on Computer and Communications Security (CCS 2010). New York:ACM Press, 2010. 559-572.[doi:10.1145/1866307.1866370]

[16] Salwan J. ROPgadget. 2015. https://github.com/JonathanSalwan/ROPgadget

[17] Le L. Payload already inside:Data re-use for ROP exploits. In:Proc. of the BlackHat USA 2010. Las Vegas, 2010. https://media.blackhat.com/bh-us-10/whitepapers/Le/BlackHat-USA-2010-Le-Paper-Payload-already-inside-data-reuse-for-ROP-exploits-wp.pdf

[18] Ropshell. Free online ROP gadgets search. 2016. http://2www.ropshell.com/

[19] Chen P, Xiao X, Bing M, Li X, Shen X, Yin X. Automatic construction of jump-oriented programming shellcode (on the x86). In:Proc. of the 6th ACM Symp. on Information, Computer and Communications Security (ASIACCS 2011). New York:ACM Press, 2011. 20-29.[doi:10.1145/1966913.1966918]

[20] Davi L, Alexandra D, Sadeghi AR, Winandy M. Return-Oriented programming without returns on ARM. Bochum:Ruhr University Bochum, 2010. http://www.trust.informatik.tu-darmstadt.de/fileadmin/user_upload/Group_TRUST/PubsPDF/ROP-without-Returns-on-ARM.pdf

[21] Kornau T. Return oriented programming for the ARM architecture[MS. Thesis]. Bochum:Ruhr-Universität Bochum, 2010. https://www.zynamics.com/downloads/kornau-tim-diplomarbeit-rop.pdf

[22] Buchanan E, Roemer R, Savage S, Shacham H. Return-Oriented programming:Exploits without code injection. In:Proc. of the BlackHat USA 2008. Las Vegas, 2008. https://www.blackhat.com/presentations/bh-usa-08/Shacham/BH_US_08_Shacham_Return_Oriented_Programming.pdf

[23] Roemer RG. Finding the bad in good code:Automated return-oriented programming exploit discovery[MS. Thesis]. San Diego:University of California, 2009. http://www.cs.ucsd.edu/~rroemer/doc/thesis.pdf

[24] Dullien T, Kornau T, Weinmann RP. A framework for automated architecture-independent gadget search. In:Proc. of the 4th USENIX Conf. on Offensive Technologies (WOOT 2010). Berkeley:USENIX Association, 2010. 1-10. http://www.cs.ucsd.edu/~rroemer/doc/thesis.pdf

[25] Flanagan C, Saxe JB. Avoiding exponential explosion:Generating compact verification conditions. In:Proc. of the 28th ACM SIGPLAN-SIGACT Symp. on Principles of Programming Languages. New York:ACM Press, 2001. 193-205.[doi:10.1145/360204.360220]

[26] Solar D. Bugtraq:Getting around non-executable stack (and fix). 1997. http://seclists.org/bugtraq/1997/Aug/63

[27] Mcdonald J. Defeating solaris/SPARC non-executable stack protection. 1999. https://www.thc.org/root/docs/exploit_writing/sol-ne-stack.html

[28] Nergal. The advanced return-into-lib(c) exploits (PaX case study). Phrack Magazine, 2001,58(4). http://phrack.org/issues/58/4.html

[29] Krahmerk S. x86-64 buffer overflow exploits and the borrowed code chunks exploitation technique. 2005. http://users.suse.com/~krahmer/no-nx.pdf

[30] Buchanan E, Roemer R, Shacham H, Savage S. When good instructions go bad:Generalizing return-oriented programming to RISC. In:Proc. of the 15th ACM Conf. on Computer and Communications Security (CCS 2008). New York:ACM Press, 2008. 27-38.[doi:10.1145/1455770.1455776]

[31] Qian Y. ROP attack and defense technology based on ARM[MS. Thesis]. Shanghai:Shanghai Jiaotong University, 2012(in Chinese with English abstract). http://cdmd.cnki.com.cn/Article/CDMD-10248-1013022062.htm

[32] Xing T, Chen P, Ding WB. BIOP:Automatic construction of enhanced ROP attack. Chinese Journal of Computers, 2014,37(5):1111-1123(in Chinese with English abstract). http://d.wanfangdata.com.cn/Periodical/jsjxb201405012[doi:10.3724/SP.J.1016. 2014.01111]

[33] Snow KZ, Monrose F, Davi L, Dmitrienko A, Liebchen C, Sadeghi A. Just-in-Time code reuse:On the effectiveness of fine-grained address space layout randomization. In:Proc. of the 2013 IEEE Symp. on Security and Privacy (SP). 2013. 574-588.[doi:10.1109/SP.2013.45]

[34] Snow KZ, Davi L. Just in time code reuse. In:Proc. of the Blackhat USA 2013. Las Vegas, 2013. http://media.blackhat.com/us-13/US-13-Snow-Just-In-Time-Code-Reuse-Slides.pdf

[35] Bittau A, Belay A, Mashtizadeh A, Mazières D, Boneh D. Hacking blind. In:Proc. of the 2014 IEEE Symp. on Security and Privacy (SP). 2014. 227-42.[doi:10.1109/SP.2014.22]

[36] Athanasakis M, Elias A, Michalis P, Georgios P, Sotiris I. The devil is in the constants:Bypassing defenses in browser JIT engines. In:Proc. of the 2015 Network and Distributed System Security Symp. (NDSS 2015). 2015.[doi:10.14722/ndss.2015.23209]

[37] Qian Y, Wang YJ, Xue Z. ROP attack and defense technology based on ARM. Information Security and Communications Privacy, 2012,(10):75-77(in Chinese with English abstract).[doi:10.3969/j.issn.1009-8054.2012.10.036]

[38] Xia Y, Liu Y, Chen H, Zang B. CFIMon:Detecting violation of control flow integrity using performance counters. In:Proc. of the IEEE/IFIP Int'l Conf. on Dependable Systems and Networks (DSN 2012). Boston:IEEE, 2012. 1-12.[doi:10.1109/DSN.2012. 6263958]

[39] Carlini N, Wagner D. ROP is still dangerous:Breaking modern defenses. In:Proc. of the 23rd USENIX Security Symp. (USENIX Security 2014). San Diego:USENIX Association, 2014. 385-399. https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/carlini

[40] Carlini N, Barresi A, Mayer M, Wagner D, Gross TR. Control-Flow bending:On the effectiveness of control-flow integrity. In:Proc. of the 24th USENIX Security Symp. (USENIX Security 2015). Washington:USENIX Association, 2015. 161-176. https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/carlini

[41] Cheng YQ, Zhou ZW, Yu M, Ding XH, Deng RH. ROPecker:A generic and practical approach for defending against ROP attacks. In:Proc. of the 2014 Network and Distributed System Security Symp. (NDSS 2014). 2014.[doi:10.14722/ndss.2014.23156]

[42] Qiao R, Zhang MW, Sekar R. A principled approach for ROP defense. In:Proc. of the 31st Annual Computer Security Applications Conf. (ACSAC 2015). New York:ACM Press, 2015. 101-110.[doi:10.1145/2818000.2818021]

[43] Szekeres, L, Payer M, Wei T, Song D. SoK:Eternal war in memory. In:Proc. of the 2013 IEEE Symp. on Security and Privacy (SP). San Francisco:IEEE Computer Society, 2013. 48-62.[doi:10.1109/SP.2013.13]

[44] Schuster F, Tendyck T, Liebchen C, Davi L, Sadeghi AR, Holz T. Counterfeit object-oriented programming:On the difficulty of preventing code reuse attacks in C++ applications. In:Proc. of the 2015 IEEE Symp. on Security and Privacy (SP). 2015. 745-62.[doi:10.1109/SP.2015.51]

[45] Liang Y, Peng GJ, Luo Y, Zhang HG. Mitigating ROP attacks via ARM-specific in-place instruction randomization. China Communications, 2016,13(9):208-826.[doi:10.1109/CC.2016.7582313]

[46] Abadi M, Budiu M, Erlingsson Ú, Ligatti J. Control-Flow integrity. In:Proc. of the 12th ACM Conf. on Computer and Communications Security (CCS 2005). New York:ACM Press, 2005. 340-353.[doi:10.1145/1102120.1102165]

[47] Abadi M, Budiu M, Erlingsson Ú, Ligatti J. Control-Flow integrity principles, implementations, and applications. ACM Trans. on Information and System Security, 2009,13(1):4:1-4:40.[doi:10.1145/1609956.1609960]

[48] Wu CG, Li JJ. The evolution of control flow integrity. 2016(in Chinese). http://www.inforsec.org/wp/?p=495

[49] Abadi M, Budiu M, Erlingsson Ú, Ligatti J. A theory of secure control flow. In:Lau KK, Banach R, eds. Proc. of 7th Int'l Conf. on Formal Engineering Methods (ICFEM 2005). Berlin, Heidelberg:Springer-Verlag, 2005. 11-24.[doi:10.1007/11576280_9]

[50] Arden O, George MD, Liu J, Vikram K, Askarov A, Myers AC. Sharing mobile code securely with information flow control. In:Proc. of the 2012 IEEE Symp. on Security and Privacy (SP). 2012. 191-205.[doi:10.1109/SP.2012.22]

[51] Zhang C, Wei T, Chen ZF, Duan L, Szekeres L, McCamant S, Song D, Zou W. Practical control flow integrity and randomization for binary executables. In:Proc. of the 2013 IEEE Symp. on Security and Privacy (SP). 2013. 559-73.[doi:10.1109/SP.2013.44]

[52] Zhang M, Sekar R. Control flow integrity for COTS binaries. In:Proc. of the 22nd USENIX Security Symp. (USENIX Security 2013). Washington:USENIX Association, 2013. 337-352.[doi:10.1145/2818000.2818016]

[53] Goktas E, Athanasopoulos E, Bos H, Portokalidis G. Out of control:Overcoming control-flow integrity. In:Proc. of the 2014 IEEE Symp. on Security and Privacy (SP). 2014. 575-89.[doi:10.1109/SP.2014.43]

[54] Niu B, Tan G. Modular control-flow integrity. In:Proc. of the 35th ACM SIGPLAN Conf. on Programming Language Design and Implementation (PLDI 2014). New York:ACM Press, 2014. 577-587.[doi:10.1145/2594291.2594295]

[55] Niu B, Tan G. RockJIT:Securing just-in-time compilation using modular control-flow integrity. In:Proc. of the 2014 ACM SIGSAC Conf. on Computer and Communications Security (CCS 2014). New York:ACM Press, 2014. 1317-28.[doi:10.1145/2660267.2660281]

[56] Mohan V, Larsen P, Brunthaler S, Hamlen K, Franz M. Opaque control-flow integrity. In:Proc. of the 2015 Network and Distributed System Security Symp. (NDSS 2015). 2015.[doi:10.14722/ndss.2015.23271]

[57] Davi L, Koeberl P, Sadeghi AR. Hardware-Assisted fine-grained control-flow integrity:Towards efficient protection of embedded systems against software exploitation. In:Proc. of the 51st Annual Design Automation Conf. (DAC 2014). New York:ACM Press, 2014. 133:1-133:6.[doi:10.1145/2593069.2596656]

[58] Pewny J, Holz T. Control-Flow restrictor:Compiler-based CFI for iOS. In:Proc. of the 29th Annual Computer Security Applications Conf. (ACSAC 2013). New York:ACM Press, 2013. 309-318.[doi:10.1145/2523649.2523674]

[59] Chiueh TC, Hsu FH. RAD:A compile-time solution to buffer overflow attacks. In:Proc. of the 21st Int'l Conf. on Distributed Computing Systems. Mesa:IEEE, 2001. 409-417.[doi:10.1109/ICDSC.2001.918971]

[60] Davi L, Sadeghi AR, Winandy M. ROPdefender:A detection tool to defend against return-oriented programming attacks. In:Proc. of the 6th ACM Symp. on Information, Computer and Communications Security (ASIACCS 2011). New York:ACM Press, 2011. 40-51.[doi:10.1145/1966913.1966920]

[61] Frantzen M, Shuey M. StackGhost:Hardware facilitated stack protection-Vol.10. In:Proc. of the 10th Conf. on USENIX Security Symp. (SSYM 2001). Berkeley:USENIX Association, 2001. 5-5. http://dl.acm.org/citation.cfm?id=1267612.1267617

[62] Sinnadurai S, Zhao Q, Wong W. Transparent runtime shadow stack:Protection against malicious return address modifications. 2014. http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.120.5702

[63] Iintel. Pin-A dynamic binary instrumentation tool. https://software.intel.com/en-us/articles/pintool

[64] PAX team. Address space layout raondomization (ASLR). 2001. https://pax.grsecurity.net/docs/aslr.txt

[65] Ubuntu. Ubuntu security features-Address space layout randomisation (ASLR). Ubuntu Wiki:2016, https://wiki.ubuntu.com/Security/Features#Address_Space_Layout_Randomisation_.28ASLR.29

[66] Schulz P. Android security analysis challenge:Tampering dalvik bytecode during runtime. Bluebox Security, 2013, https://bluebox.com/android-security-analysis-challenge-tampering-dalvik-bytecode-during-runtime/

[67] Liang Y, Ma X, Wu D, Tang X, Gao D, Peng G, Jia C, Zhang H. Stack layout randomization with minimal rewriting of Android binaries. In:Kwon S, Yun A, eds. Proc. of the Information Security and Cryptology (ICISC 2015). LNCS 9558, Cham:Springer Int'l Publishing, 2016. 229-45.[doi:10.1007/978-3-319-30840-1_15]

[68] Lee B, Lu L, Wang T, Kim T, Lee W. From zygote to morula:Fortifying weakened ASLR on Android. In:Proc. of the 2014 IEEE Symp. on Security and Privacy (SP). 2014. 424-439.[doi:10.1109/SP.2014.34]

[69] Hiser J, Nguyen-Tuong A, Co M, Hall M, Davidson JW. ILR:Where'd my gadgets go? In:Proc. of the 2012 IEEE Symp. on Security and Privacy (SP). 2012. 571-85.[doi:10.1109/SP.2012.39]

[70] Wartell R, Mohan V, Hamlen KW, Lin Z. Binary stirring:Self-randomizing instruction addresses of legacy x86 binary code. In:Proc. of the 2012 ACM Conf. on Computer and Communications Security (CCS 2012). New York:ACM Press, 2012. 157-168.[doi:10.1145/2382196.2382216]

[71] Pappas V, Polychronakis M, Keromytis AD. Smashing the gadgets:Hindering return-oriented programming using in-place code randomization. In:Proc. of the 2012 IEEE Symp. on Security and Privacy (SP). 2012. 601-615.[doi:10.1109/SP.2012.41]

[72] Chen Y. A survey of address space layout randomization (ASLR) enforcement. 2016(in Chinese). http://www.inforsec.org/wp/?p=1009

[73] Backes M, Nürnberger S. Oxymoron:Making fine-grained memory randomization practical by allowing code sharing. In:Proc. of the 23rd USENIX Security Symp. (USENIX Security 14). San Diego:USENIX Association, 2014. 433-447. https://www.usenix.org/node/184466

[74] Davi L, Christopher L, Sadeghi AR, Snow KZ, Monrose F. Isomeron:Code randomization resilient to (just-in-time) return-oriented programming. In:Proc. of the 2015 Network and Distributed System Security Symp. (NDSS 2015). 2015.[doi:10.14722/ndss.2015. 23262]

[75] Lu K, Nurnberger S, Backes M, Lee W. How to make ASLR win the clone wars:Runtime re-randomization. In:Proc. of the 2016 Network and Distributed System Security Symp. (NDSS 2016). 2016. http://www.cc.gatech.edu/~klu38/publications/runtimeaslr-ndss16.pdf

[76] Backes M, Holz T, Kollenda B, Koppe P, Nürnberger S, Pewny J. You can run but you can't read:Preventing disclosure exploits in executable code. In:Proc. of the 2014 ACM SIGSAC Conf. on Computer and Communications Security (CCS 2014). New York:ACM Press, 2014. 1342-1353.[doi:10.1145/2660267.2660378]

[77] Crane S, Liebchen C, Homescu A, Davi L, Larsen P, Sadeghi AR, Brunthaler S, Franz M. Readactor:Practical code randomization resilient to memory disclosure. In:Proc. of the 2015 IEEE Symp. on Security and Privacy (SP). 2015. 763-80.[doi:10.1109/SP. 2015.52]

[78] Pappas V, Polychronakis M, Keromytis AD. Transparent ROP exploit mitigation using indirect branch tracing. In:Proc. of the 22nd USENIX Security Symp. (USENIX Security 2013). Berkeley:USENIX Association, 2013. 447-462. http://dl.acm.org/citation.cfm?id=2534766.2534805

[79] Göktaş E, Athanasopoulos E, Polychronakis M, Bos H, Portokalidis G. Size does matter:Why using gadget-chain length to prevent code-reuse attacks is hard. In:Proc. of the 23rd USENIX Security Symp. (USENIX Security 2014). San Diego:USENIX Association, 2014. 417-432. https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/goktas

[80] Liang Y, Fu J, Peng G, Peng B. S-Tracker:Attribution of shellcode exploiting stack. Journal of Huazhong University of Science and Technology (Natural Science Edition), 2014,42(11):39-46(in Chinese with English abstract).[doi:10.13245/j.hust.141108]

[81] Prakash A, Yin H. Defeating ROP through denial of stack pivot. In:Proc. of the 31st Annual Computer Security Applications Conf. (ACSAC 2015). New York:ACM Press, 2015. 111-120.[doi:10.1145/2818000.2818023]

[82] Tang J. Exploring control flow guard in Windows 10. 2015. http://documents.trendmicro.com/assets/wp/exploring-control-flow-guard-in-windows10.pdf

[83] Tencent PC Manager. Security features of Windows 10:The enforcement of exection flow. 2015(in Chinese). http://www.freebuf.com/articles/security-management/58373.html

[84] Dang T, Maniatis P, Wagner D. The performance cost of shadow stacks and stack canaries. In:Proc. of the 10th ACM Symp. on Information, Computer and Communications Security (ASIA CCS 2015). New York:ACM Press, 2015. 555-566.[doi:10.1145/2714576.2714635]

[85] Lu K, Xiong S, Gao D. RopSteg:Program steganography with return oriented programming. In:Proc. of the 4th ACM Conf. on Data and Application Security and Privacy (CODASPY 2014). New York:ACM Press, 2014. 265-272.[doi:10.1145/2557547. 2557572]

[86] Tang X, Liang Y, Ma X, Lin Y, Gao D. On the effectiveness of code-reuse based Android application obfuscation. In:Hong S, Park J, eds. Proc. of the Information Security and Cryptology (ICISC 2016). LNCS 10157, Cham:Springer-Verlag, 2017. 333-349.[doi:10.1007/978-3-319-53177-9_18]

[87] Wu J. Mimic defense in cyberspace. Secrecy Science and Technology, 2014,(10):4-9(in Chinese with English abstract). http://www.cnki.com.cn/Article/CJFDTotal-BMKJ201410001.htm

附中文参考文献:

[1] 梅宏,王千祥,张路,王戟.软件分析技术进展.计算机学报,2009,32(9):1697-1710. http://cjc.ict.ac.cn/quanwenjiansuo/2009-9/mh.pdf[doi:10.3724/SP.J.1016.2009.01697]

[2] 陈翔,顾庆,刘望舒,刘树龙,倪超.静态软件缺陷预测方法研究.软件学报,2016,27(1):1-25. http://www.jos.org.cn/1000-9825/4923.htm[doi:10.13328/j.cnki.jos.004923]

[3] 王铁磊.面向二进制程序的漏洞挖掘关键技术研究[博士学位论文].北京:北京大学,2011. http://d.wanfangdata.com.cn/Thesis/Y2024928

[4] 张焕国,韩文报,来学嘉,林东岱,马建峰,李建华.网络空间安全综述.中国科学:信息科学,2016,46(2):125-164.[doi:10.1360/N112015-00176]

[6] 梁玉.软件二进制代码重用关键技术研究[博士学位论文].武汉:武汉大学,2016.

[8] 魏强,韦韬,王嘉捷.软件漏洞利用缓解及其对抗技术演化.清华大学学报:自然科学版,2011,51(10):1274-1280.[doi:10.16511/j. cnki.qhdxxb.2011.10.015]

[31] 钱逸.基于ARM架构的ROP攻击与防御技术研究[硕士学位论文].上海:上海交通大学,2012. http://cdmd.cnki.com.cn/Article/CDMD-10248-1013022062.htm

[32] 邢骁,陈平,丁文彪,茅兵,谢立.BIOP:自动构造增强型ROP攻击.计算机学报,2014,37(5):1111-1123. http://d.wanfangdata.com.cn/Periodical/jsjxb201405012[doi:10.3724/SP.J.1016.2014.01111]

[37] 钱逸,王轶骏,薛质.基于ARM平台的ROP攻击及防御技术.信息安全与通信保密,2012,(10):75-77.[doi:10.3969/j.issn.1009-8054.2012.10.036]

[48] 武成岗,李建军.控制流完整性的发展历程.2016. http://www.inforsec.org/wp/?p=495

[72] Chen Y.地址空间布局随机化(ASLR)增强研究综述.2016. http://www.inforsec.org/wp/?p=1009

[80] 梁玉,傅建明,彭国军,等.S-Tracker:基于栈异常的shellcode检测方法.华中科技大学学报(自然科学版),2014,42(11):39-46.[doi:10.13245/j.hust.141108]

[83] 腾讯电脑管家.Win10安全特性之执行流保护.2015. http://www.freebuf.com/articles/security-management/58373.html

[87] 邬江兴.网络空间拟态安全防御.保密科学技术,2014,(10):4-9. http://www.cnki.com.cn/Article/CJFDTotal-BMKJ201410001.htm

Get Citation

彭国军,梁玉,张焕国,傅建明.软件二进制代码重用技术综述.软件学报,2017,28(8):2026-2045

Copy

Article Metrics

Abstract:
PDF:
HTML:
Cited by:

History

Received:August 31,2016
Revised:November 04,2016
Adopted:
Online: August 15,2017
Published:

You are the firstVisitors
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-4
Address：4# South Fourth Street, Zhong Guan Cun, Beijing 100190,Postal Code：100190
Phone：010-62562563 Fax：010-62562533 Email：jos@iscas.ac.cn
Technical Support：Beijing Qinyun Technology Development Co., Ltd.

Beijing Public Network Security No. 11040202500063

微信服务号

微信订阅号

Get Citation

Share

微信扫一扫：分享

Article Metrics

History