| 基于封装结构随机化的程序保护方法 |
| |
| 引用本文: | 陈平,邢骁,辛知,王逸,茅兵,谢立.基于封装结构随机化的程序保护方法[J].计算机研究与发展,2011,48(12). |
| |
| 作者姓名: | 陈平 邢骁 辛知 王逸 茅兵 谢立 |
| |
| 作者单位: | 1. 南京大学软件新技术国家重点实验室 南京210093
2. 南京大学计算机科学与技术系 南京 210093 |
| |
| 基金项目: | 国家自然科学基金项目(60773171,61073027,90818022,61021062); 国家“八六三”高技术研究发展计划基金项目(2007AA01Z448); 国家“九七三”重点基础研究发展计划基金项目(2009CB320705) |
| |
| 摘 要: | 随机化方法作为保护程序免受攻击的一项技术,已经得到广泛的应用.但现有的随机化方法存在两个问题:其一,粒度较粗,不能阻止发生在函数、结构体、类内部的攻击;其二,绝大多数攻击是通过外部输入篡改关键对象,而现有随机化方法对这种攻击特点关注不够.基于此,一种增强的随机化安全结构被提出:通过对封装结构(函数、结构体以及类)内部的结构重新排列而达到随机化的细粒度;同时,分析抽取出与外部输入相关的数组,并在这些数组之间插入哨兵,防止其产生溢出.这种随机化方法不仅将随机化技术应用到函数、结构体、类内部,而且抓住了攻击的特点,对关键的与输入相关的数组对象进行保护,使程序免受控制流和非控制流攻击,从而增强了现有的随机化技术.
|
| 关 键 词: | 计算机安全 软件安全 软件漏洞 封装数据结构 随机化 |
Protecting Programs Based on Randomizing the Encapsulated Structure |
| |
| Chen Ping,Xing Xiao,Xin Zhi,Wang Yi,Mao Bing,Xie Li.Protecting Programs Based on Randomizing the Encapsulated Structure[J].Journal of Computer Research and Development,2011,48(12). |
| |
| Authors: | Chen Ping Xing Xiao Xin Zhi Wang Yi Mao Bing Xie Li |
| |
| Affiliation: | Chen Ping,Xing Xiao,Xin Zhi,Wang Yi,Mao Bing,and Xie Li (State Key Laboratory for Novel Software Technology (Nanjing University),Nanjing 210093) (Department of Computer Science and Technology,Nanjing University,Nanjing 210093) |
| |
| Abstract: | Randomization method is widely applied into practice for protecting the program from attacks. There are two limitations in existing randomization techniques. One is that they are coarse-grained, as such they may fail to defend the attacks caused by maliciously fabricating the inner variable in function/struct/class. Another limitation is that existing randomization techniques ignore the fact that majority of the attacks leverage the input data to fabricate the sensitive data objects. In this paper, a fine-g... |
| |
| Keywords: | computer security software security software vulnerability encapsulated structure randomization |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
