ROP Attack Detection Approach Based on Hardware Branch Information
Author:
Affiliation:

Clc Number:

TP309

Fund Project:

National Science and Technology Major Program for Core Electronic Device, High-end Chip, and Basic Software Product (2014ZX01029101-002); Strategic Priority Research Program of Chinese Academy of Sciences (XDA-Y01-01)

  • Article
  • |
  • Figures
  • |
  • Metrics
  • |
  • Reference
  • |
  • Related
  • |
  • Cited by
  • |
  • Materials
  • |
  • Comments
    Abstract:

    Control flow integrity (CFI) is an effective method to defend against return-oriented programming (ROP) attack. To address the four drawbacks of current CFI approaches, i.e., high performance overhead, relying on software code information, subject to history flushing attack, and evasion attack, this study proposed an ROP attack detection approach based on hardware branch information—mispredicted indirect branch checker, called MIBChecker. It performs real time ROP detection on every mispredicted indirect branch via events triggered by performance monitor unit, and produces a new critical syscall data detection approach to defend against ROP attacks using short gadgets-chain. Experiments show that MIBChecker can detect gadgets which is not affected by history flushing attack, and can effectively detect common ROP attack and evasion attack with only 5.7% performance overhead.

    Reference
    Related
    Cited by
Get Citation

李威威,马越,王俊杰,高伟毅,杨秋松,李明树.基于硬件分支信息的ROP攻击检测方法.软件学报,2020,31(11):3588-3602

Copy
Share
Article Metrics
  • Abstract:
  • PDF:
  • HTML:
  • Cited by:
History
  • Received:July 14,2018
  • Revised:November 06,2018
  • Adopted:
  • Online: November 07,2020
  • Published: November 06,2020
You are the firstVisitors
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-4
Address:4# South Fourth Street, Zhong Guan Cun, Beijing 100190,Postal Code:100190
Phone:010-62562563 Fax:010-62562533 Email:jos@iscas.ac.cn
Technical Support:Beijing Qinyun Technology Development Co., Ltd.

Beijing Public Network Security No. 11040202500063