共查询到19条相似文献,搜索用时 93 毫秒
1.
针对JavaScript引擎在即时编译模式下的开销过高和网页加载时间过长的问题,改进JavaScript引擎中即时编译模式的编译方式,设计一种对JavaScript代码的动态编译方式,只对JavaScript代码中频繁执行的热点区域进行即时编译,其余代码则运行在解释模式下,合理地利用了即时编译模式。实验测试结果表明,动态编译方式能够减少JavaScript引擎的开销耗费,加快网页的加载速度。 相似文献
2.
尽管现有多种防御方法和技术,但是针对软件系统和网络的攻击仍然是难以防范的威胁.在引入只读/写和地址空间随机化排列方法后,现代操作系统能有效地应对恶意代码注入类型的攻击.但是攻击者可以利用程序中已经存在的代码,将其组装成具有图灵完全计算功能的连续的代码块,用以绕过已有的防御机制.针对代码复用类攻击防御方法的局限性,提出了一种利用返回地址实时保护机制的防御方法,以有效防御代码复用类攻击,特别是ROP攻击.在程序运行时,通过对其栈中返回地址值的加密保护和实时检测,防止所有的以0xC3字符(即ret指令)结尾的短序列代码段的连续执行.该方法不需要源代码和调试信息,能完全防御ROP攻击,并且其性能开销也具有明显的优势. 相似文献
3.
返回导向编程(return-oriented programming,简称ROP)被广泛用于软件漏洞利用攻击中,用来构造攻击代码.通过更新ROP构造技术,证实了图灵完备的纯ROP攻击代码在软件模块中是普遍可实现的.ROP构造功能代码的难点是实现条件转移逻辑.通过深入分析条件转移机器指令的执行上下文发现,对这些指令的传统认知存在一定的局限性.事实上,在已有代码中存在少量的条件转移指令,它们的两个分支的开始部分都是可复用的代码片段(称为gadgets),而且这两个gadgets会从不同的内存单元中取得下一个gadget的地址,因此,以这些条件转移指令开始的代码片段可以帮助ROP实现条件转移逻辑.把这种代码片段称为if-gadget.在Linux和Windows系统上的实验结果表明,if-gadget普遍存在,即使在代码量很小的日常可执行程序中也存在.在Binutils程序集上的实验结果表明,引入if-gadget后,构造图灵完备的ROP代码要比用传统方法容易得多.在Ubuntu这样的主流操作系统上,由于可执行程序上默认没有实施防御ROP攻击的保护机制,因此,攻击者可以在这些软件模块中构造纯ROP攻击代码来发动攻击.由此可见,ROP对系统安全的威胁比原来认为的严重得多. 相似文献
4.
《计算机应用与软件》2015,(7)
JavaScript作为一种编程/脚本语言,已经广泛应用于Web开发,以增加更多的动态功能和效果,最终改善用户体验。然而它的动态特征在提升用户与网站的交互能力的同时也带来了安全问题。通过注入恶意JavaScript代码,攻击者可在网页中加入恶意内容,传播病毒、木马,实现网络钓鱼攻击。通过对大量网页恶意代码的研究,对网页JavaScript恶意代码特征进行分类,构建了基于JavaScript代码基本统计信息,基于混淆技术、基于URL重定向技术,基于恶意攻击过程四类特征的分类模型。采用多种基于机器学习的分类方法对恶意代码样本进行检测,完成对该分类模型的验证。实验表明,基于上述特征形成的分类模型对恶意代码具有较好的识别能力。 相似文献
5.
针对传统的代码注入和代码复用等攻击技术的缺陷,返回导向编程(Return-Oriented Programming,ROP)提出了复用以ret指令结尾的短指令序列,实现图灵完备编程的思想.ROP攻击可以绕开现有的针对代码注入的防御,且相比于传统代码复用技术,构造功能更为强大.但ROP攻击使用的ret指令结尾的指令序列具有明显的特征,这些特征导致ROP攻击容易被检测到.现有的ROP改进技术使用jmp指令结尾的短指令序列构造攻击,虽然消除了以ret指令结尾的特征,但同时引入了新的特征,且并不具有实用性.文中提出了一种分支指令导向(Branch Instruction-Oriented Programming,BIOP)攻击技术,使用jmp指令或call指令结尾的短指令序列构造攻击.相比于以前的工作,BIOP不引入新的特征,能有效避免现有的防御技术.同时我们分析并解决了构造攻击时寄存器的副作用,提出控制指令序列概念解决构造时内存冲突,实现自动化构造BIOP攻击.作者设计了一个自动化构造BIOP工具,构造了大量实际的BIOP shellcode,实验结果表明BIOP攻击可以绕过现有的ROP防御技术. 相似文献
6.
《计算机应用与软件》2019,(9)
针对静动态逆向分析容易获取程序内部核心代码的问题,提出一种基于ROP技术的代码混淆方法。借鉴ROP攻击技术的代码组织和调用方式,利用内存空间随机分布的gadget指令序列执行目标代码的等价功能,实现隐藏目标代码和抵抗逆向分析的目的。从有效性、时间开销和空间开销三个方面评价方法的性能,分析和实验表明,该方法能够有效增加攻击者静动态获取和分析目标代码的难度,具有较好的时间和空间开销性能。 相似文献
7.
随着w⊕x等技术的引入,传统的代码注入攻击几乎被消除,return-to-lib攻击受到很大程度的抑制。在此
背景下,Hovav Shacham提出了Return-Oriented Programming(ROP)的思想,该思想基于栈溢出的原理,通过使用程
序库中有效的以ret指令结尾的短指令序列构建gadget集合,使之具有图灵完备特性,来完成计算和攻击。讲述ROP
思想自提出以来的一些研究成果和其实际的攻击能力,阐述ROP自动化的当前成果与未来可能的发展方向,进而分
析和预测ROP自动化的下一步的研究方向。同时,也将从ROP的几个特征分析消除这种攻击的策略和方法,并介绍
目前已有的防护思想和成果,论述这些方法的优缺点和改进方向。综合阐述ROP攻击与ROP防护这一矛与盾的问
题,力争使读者理解ROP的思想,知悉当前的发展状态,并在此基础上能够进一步推进ROP攻击及其防范的研究。 相似文献
8.
《电脑爱好者》2005,(20)
漏洞再现:IE6.0嵌入内容跨站漏洞影响系统:IE6.0漏洞分析:微软Windows操作系统附带的IE6.0在最近被发现中存在跨站脚本漏洞,在Web浏览器的HTML渲染引擎可以不经过身份验证执行注入恶意代码,恶意攻击者可以在HTML文件中使用其他可嵌入的文件,如JPG、WAV、AVI、RM/RAM等。如果嵌入的文件内含有攻击代码的话可以使攻击者在目标系统中执行任意代码。补“洞”办法:微软公司尚未发布相关漏洞补丁,建议有条件的用户可以升级到微软发布的IE6.0SP1中文版浏览器http://www.microsoft.com/downloads/details.aspx?FamilyID=1e1550cb-5e5… 相似文献
9.
Java虚拟机即时编译器以方法为单位进行编译,编译器将字节码方法编译成可执行代码,并经过数据cache存入内存中,当再次执行到该代码段时,处理器需要从包含该代码段的内存区域取指令执行,如果该内存区域在数据cache中已经建立映射,就可以直接从数据cache中读取数据,读数据的性能就会有大幅度的提高.但是编译生成的大量可执行代码在cache中频繁替换,当生成代码被替换出cache后,代码再次执行时处理器必须访问速度较慢的主存储器,成为编译器的性能瓶颈.设计并实现了硬件cache锁机制,提出了一种软硬件协同设计的即时编译方法.通过该方法,生成代码执行时的cache失效次数降低了6.9%,SPECjvm2008中程序最高获得了17.9%的性能提升,平均性能提升4.2%. 相似文献
10.
当前关于网页挂马攻击检测的研究集中于静态检测方法和动态检测方法,但随着Web应用中动态交互技术及代码混淆技术的大量应用,静态检测方法效果已不明显,同时动态检测方法往往耗时过多。本文在总结当前关于网页挂马攻击检测研究的基础上,提出网页挂马攻击中的JavaScript重定向混淆检测方法,并基于开源JavaScript脚本引擎SpiderMonkey进行设计与实现。此方法可有效解决网页挂马攻击中的JavaScript脚本重定向混淆问题,也可作为低交互客户端蜜罐与高交互客户端蜜罐结合使用提高检测效率。 相似文献
11.
ROPDetector:一种基于硬件性能计数器的ROP攻击实时检测方法 总被引:1,自引:0,他引:1
面向返回编程(Return-Oriented Programming,ROP)是针对软件漏洞利用最广泛的攻击技术之一,能够绕过数据执行保护、地址空间布局随机化等防御机制.本文提出了一种基于硬件的ROP攻击实时检测方法,在不需要任何边缘信息(如源代码、编译器支持)和二进制重写的情况下,利用现代CPU中的硬件性能计数器监控目标程序执行过程,提取ROP攻击发生时底层硬件事件特征来实时检测ROP攻击.然后,在32位Linux实验环境下实现了原型系统ROPDetector,使用真实的ROP攻击与漏洞进行实验,并与同类方法进行了对比实验,最后评估了系统的性能消耗.实验结果表明,该方法能有效地检测真实的ROP攻击,在分别以6次和9次错误预测返回指令为检测周期时,系统性能消耗仅有5.05%和5.25%,磁盘I/O性能消耗仅有0.94%和2%,网络I/O性能消耗仅有0.06%和0.78%. 相似文献
12.
AliAkbar Sadeghi Salman Niksefat Maryam Rostamipour 《Journal in Computer Virology》2018,14(2):139-156
Return-oriented programming (ROP) and jump-oriented programming (JOP) are two well-known code-reuse attacks in which short code sequences ending in ret or jmp instructions are located and chained in a specific order to execute the attacker’s desired payload. JOP, comparing to ROP, is even more effective because it can be invoked without any reliance on the ret instruction and therefore it can bypass new defense mechanisms against ROP. In this paper, we continue this line of work by proposing Pure-Call Oriented Programming (PCOP). In PCOP, we drive the control flow by proposing special gadgets that all end in a call instruction rather than ret or jmp. We then propose techniques for chaining gadgets that removes the side-effects arise from the call-ending gadgets. The idea of having call-ending gadgets with the term Call Oriented Programming has been noted in some previous work but using call gadgets in these works, due to side-effects of the call instruction, was limited to one or two call-ending gadgets between other ret/jmp gadgets. Our work is the first that shows real code-reuse attacks solely based on call gadgets. We also show that our proposed approach is Turing-complete, meaning that any functionality can be driven by PCOP. We have successfully identified some call-oriented gadgets inside GNU libc library. Our experiments with the example shellcode show the practicality of the proposed approach. Finally, we propose a variant of PCOP named TinyCOP which resists detection by recent code-reuse defense mechanisms. 相似文献
13.
代码复用攻击日趋复杂,传统的代码随机化方法已无法提供足够的防护.为此,提出一种基于运行时代码随机化的代码复用攻击防御方法LCR.该方法在目标程序正常运行时,实时监控攻击者企图获取或利用gadgets的行为,当发现监控的行为发生时,立即触发对代码进行函数块级的随机化变换,使攻击者最终获取或利用的gadgets信息失效,从而阻止代码复用攻击的实现.设计实现了LCR原型系统,并对提出的方法进行了测试.结果表明:LCR能够有效防御基于直接或间接内存泄漏等实现的代码复用攻击,且在SPEC CPU2006上的平均开销低于5%. 相似文献
14.
G. Deepa P. Santhi Thilagam Furqan Ahmed Khan Amit Praseed Alwyn R. Pais Nushafreen Palsetia 《International Journal of Information Security》2018,17(1):105-120
As web applications become the most popular way to deliver essential services to customers, they also become attractive targets for attackers. The attackers craft injection attacks in database-driven applications through the user-input fields intended for interacting with the applications. Even though precautionary measures such as user-input sanitization is employed at the client side of the application, the attackers can disable the JavaScript at client side and still inject attacks through HTTP parameters. The injected parameters result in attacks due to improper server-side validation of user input. The injected parameters may either contain malicious SQL/XML commands leading to SQL/XPath/XQuery injection or be invalid input that intend to violate the expected behavior of the web application. The former is known as an injection attack, while the latter is called a parameter tampering attack. While SQL injection has been intensively examined by the research community, limited work has been done so far for identifying XML injection and parameter tampering vulnerabilities. Database-driven web applications today rely on XML databases, as XML has gained rapid acceptance due to the fact that it favors integration of data with other applications and handles diverse information. Hence, this work proposes a black-box fuzzing approach to detect XQuery injection and parameter tampering vulnerabilities in web applications driven by native XML databases. A prototype XiParam is developed and tested on vulnerable applications developed with a native XML database, BaseX, as the backend. The experimental evaluation clearly demonstrates that the prototype is effective against detection of both XQuery injection and parameter tampering vulnerabilities. 相似文献
15.
Modern virtual machines for JavaScript use just-in-time (JIT) compilation to produce binary code. JIT compilers cannot perform complex optimizations. In contrast, static compilation has unlimited capabilities for complex optimizing transformations, but it cannot be efficiently applied to dynamic languages, such as JavaScript. In this paper, a general approach to the ahead-of-time compilation of programs in dynamic languages is proposed, and this approach is used for improving two virtual machines JavaScript- Core and V8. In the implementation of the improved JavaScriptCore engine with ahead-of-time compilation, the specifics of using JavaScript programs as a part of locally stored applications for the ARM platform were taken into account. In the V8 engine for the x86-64 platform, the ahead-of-time compilation is implemented by caching an optimized internal representation in a separate file. 相似文献
16.
为应对信息化生活中的网络攻击及威胁,降低网络系统中同质化攻击快速蔓延的风险,增强网络和软件的安全性,软件多样化技术被应用到系统中。软件多样化旨在生成功能等价但内部发生变化的程序变体,从而改变单一的运行环境,缓解同质化攻击。现有的多样化技术的评估指标 ROP(return-oriented programming)gadgets 幸存率难以直接体现安全性影响且评估方法单一,为了更加全面有效地评估软件多样化方法的有效性,提出基于ROP/JOP(jump-oriented programming)gadgets性质的软件多样化评估方法,通过分析常见的代码重用攻击,将抽象的量化转为具象的指标,从空间、时间及质量3个方面评估多样化方法的安全增益及效果。该方法根据gadgets的相似性、损坏度和可用性3个性质探讨软件多样化技术如何影响ROP/JOP攻击。用指令替换、NOP插入、控制流平坦等9种多样化方法对GNU coreutils程序集进行多样化编译生成多样化程序集。对多样化程序集进行基于 gadgets 性质的实验,根据实验结果评估不同多样化方法的有效性及对攻击造成的影响。实验结果表明,该方法能够对软件多样化方法的安全增益进行准确评估,多样化技术会导致 ROP/JOP 攻击所需的攻击链空间增大,构造攻击链的时间变长且攻击成功率降低。不同的多样化方法产生的效果高低不一,对后续研究具有更高安全增益的多样化技术有指导作用。 相似文献
17.
With the increasingly connected nature of Cyber-Physical Systems (CPS), new attack vectors are emerging that were previously not considered in the design process. Specifically, autonomous vehicles are one of the most at risk CPS applications, including challenges such as a large amount of legacy software, non-trusted third party applications, and remote communication interfaces. With zero day vulnerabilities constantly being discovered, an attacker can exploit such vulnerabilities to inject malicious code or even leverage existing legitimate code to take over the cyber part of a CPS. Due to the tightly coupled nature of CPS, this can lead to altering physical behavior in an undesirable or devastating manner. Therefore, it is no longer effective to reactively harden systems, but a more proactive approach must be taken. Moving target defense (MTD) techniques such as instruction set randomization (ISR), and address space randomization (ASR) have been shown to be effective against code injection and code reuse attacks. However, these MTD techniques can result in control system crashing which is unacceptable in CPS applications since such crashing may cause catastrophic consequences. Therefore, it is crucial for MTD techniques to be complemented by control reconfiguration to maintain system availability in the event of a cyber-attack. This paper addresses the problem of maintaining system and security properties of a CPS under attack by integrating moving target defense techniques, as well as detection, and recovery mechanisms to ensure safe, reliable, and predictable system operation. Specifically, we consider the problem of detecting code injection as well as code reuse attacks, and reconfiguring fast enough to ensure the safety and stability of autonomous vehicle controllers are maintained. By using MTD such as ISR, and ASR, our approach provides the advantage of preventing attackers from obtaining the reconnaissance knowledge necessary to perform code injection and code reuse attacks, making sure attackers can’t find vulnerabilities in the first place. Our system implementation includes a combination of runtime MTD utilizing AES 256 ISR and fine grained ASR, as well as control management that utilizes attack detection, and reconfiguration capabilities. We evaluate the developed security architecture in an autonomous vehicle case study, utilizing a custom developed hardware-in-the-loop testbed. 相似文献
18.
19.