ROP Attack Detection Approach Based on Hardware Branch Information

doi:10.13328/j.cnki.jos.005829

微信服务号

微信订阅号

2025-4-24- 14

Home > Archive>Volume 31, Issue 11, 2020 >3588-3602. DOI:10.13328/j.cnki.jos.005829

PDF HTML XML Export Cite reminder

ROP Attack Detection Approach Based on Hardware Branch Information
DOI:
                        10.13328/j.cnki.jos.005829
                    
Author:
                        LI Wei-WeiLI Wei-Wei
National Engineering Research Center of Fundamental Software, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China;University of Chinese Academy of Sciences, Beijing 100049, China
Find this author on CNKI
Find this author on BaiDu
Search for this author on this site
MA YueMA Yue
National Engineering Research Center of Fundamental Software, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
Find this author on CNKI
Find this author on BaiDu
Search for this author on this site
WANG Jun-JieWANG Jun-Jie
National Engineering Research Center of Fundamental Software, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
Find this author on CNKI
Find this author on BaiDu
Search for this author on this site
GAO Wei-YiGAO Wei-Yi
National Engineering Research Center of Fundamental Software, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China;University of Chinese Academy of Sciences, Beijing 100049, China
Find this author on CNKI
Find this author on BaiDu
Search for this author on this site
YANG Qiu-SongYANG Qiu-Song
National Engineering Research Center of Fundamental Software, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
Find this author on CNKI
Find this author on BaiDu
Search for this author on this site
LI Ming-ShuLI Ming-Shu
National Engineering Research Center of Fundamental Software, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
Find this author on CNKI
Find this author on BaiDu
Search for this author on this site

                    
Affiliation:
Clc Number:TP309
Fund Project:National Science and Technology Major Program for Core Electronic Device, High-end Chip, and Basic Software Product (2014ZX01029101-002); Strategic Priority Research Program of Chinese Academy of Sciences (XDA-Y01-01)

Article

Figures

Metrics

Reference

Cited by

Materials

Comments

Abstract:

Control flow integrity (CFI) is an effective method to defend against return-oriented programming (ROP) attack. To address the four drawbacks of current CFI approaches, i.e., high performance overhead, relying on software code information, subject to history flushing attack, and evasion attack, this study proposed an ROP attack detection approach based on hardware branch information—mispredicted indirect branch checker, called MIBChecker. It performs real time ROP detection on every mispredicted indirect branch via events triggered by performance monitor unit, and produces a new critical syscall data detection approach to defend against ROP attacks using short gadgets-chain. Experiments show that MIBChecker can detect gadgets which is not affected by history flushing attack, and can effectively detect common ROP attack and evasion attack with only 5.7% performance overhead.

Key words:return-oriented programming;control flow integrity;history flushing attack;evasion attack

Get Citation

李威威,马越,王俊杰,高伟毅,杨秋松,李明树.基于硬件分支信息的ROP攻击检测方法.软件学报,2020,31(11):3588-3602

Copy

Article Metrics

Abstract:
PDF:
HTML:
Cited by:

History

Received:July 14,2018
Revised:November 06,2018
Adopted:
Online: November 07,2020
Published: November 06,2020

You are the firstVisitors
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-4
Address：4# South Fourth Street, Zhong Guan Cun, Beijing 100190,Postal Code：100190
Phone：010-62562563 Fax：010-62562533 Email：jos@iscas.ac.cn
Technical Support：Beijing Qinyun Technology Development Co., Ltd.

Beijing Public Network Security No. 11040202500063

微信服务号

微信订阅号

Get Citation

Share

微信扫一扫：分享

Article Metrics

History