
Software Protects Against Code Reuse Attacks by Randomizing Code

Summary
Researchers at Purdue University have addressed these issues with a program designed for Unix-based systems, dubbed Marlin. Marlin takes a finer-grained approach to randomizing a program's code, rearranging it at the level of "function blocks". Unlike other programs, Marlin randomizes the code every time a program is executed, resulting in near 100 percent rearrangement of function blocks. Using Marlin, the researchers have succeeded in preventing an attack on a program with a known vulnerability. The researchers estimate that for common Linux programs, 2730 brute force attempts at 14.3 seconds per attempt are necessary for a successful attack. Marlin also limits the performance cost by performing all the necessary computations before a program is launched, averaging 0.87 seconds each for 131 common Linux programs.
Technology Advantages
Less susceptible to attacks than comparable software
Does not affect the speed of an application once loaded
Successful even against vulnerable software
Technology Applications
Computer Security
Detailed Technical Description
Elisa Bertino, Purdue Computer Science, Database & Information Security Group, Cyber Center, CERIAS
*Abstract

*Background
Return Oriented Programming (ROP) attacks are a current threat to computer security. In an ROP attack, code existing in a computer application is appropriated for malicious purposes. In the attack, pieces of this existing code are located and strung together, allowing the attacker to perform any arbitrary computation. This problem has previously been addressed by randomizing the addresses of large segments of code in the hope that the ROP attack cannot find the necessary code. Unfortunately, this current security method is susceptible to brute-force attacks, to which 32-bit systems are particularly susceptible when compared to 64-bit systems. Current security programs can also have the disadvantages of requiring the source code, being designed to run too infrequently, or decreasing overall computer speed and performance.
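The contrast between segment-level randomization (Background) and per-launch function-block rearrangement (Summary) can be shown with a toy simulation. This is an added example, not Marlin's code or anything published by the Purdue researchers; the block names, sizes, gadget offsets, base address and 8 bits of base entropy are all constructed assumptions.

```python
import random

# Constructed layout: (function name, size in bytes); not from any real binary.
BLOCKS = [("init", 0x40), ("parse", 0x120), ("copy_buf", 0x80),
          ("log_msg", 0x60), ("cleanup", 0x30), ("main", 0xA0)]
# Constructed reusable code pieces: (containing function, offset inside it).
GADGETS = {"g1": ("parse", 0x11C), "g2": ("log_msg", 0x5C), "g3": ("cleanup", 0x2E)}
BASE = 0x08048000  # assumed load address for the illustration


def gadget_addrs(blocks, base):
    """Place blocks back to back from `base`; return each gadget's address."""
    starts, cursor = {}, base
    for name, size in blocks:
        starts[name] = cursor
        cursor += size
    return {g: starts[fn] + off for g, (fn, off) in GADGETS.items()}


def base_only(rng):
    """Coarse randomization: the whole segment shifts, block order is fixed."""
    slide = rng.randrange(1 << 8) * 0x1000  # assumed 8 bits of page entropy
    return gadget_addrs(BLOCKS, BASE + slide)


def block_shuffle(rng):
    """Function-block randomization: block order is re-drawn on every launch."""
    blocks = BLOCKS[:]
    rng.shuffle(blocks)
    return gadget_addrs(blocks, BASE)


def distinct_relative_layouts(randomizer, runs=200, seed=1):
    """Count distinct gadget-to-gadget distance pairs seen across launches.

    A count of 1 means one known address fixes every other gadget address;
    a large count means each piece has to be located separately.
    """
    rng = random.Random(seed)
    seen = set()
    for _ in range(runs):
        a = randomizer(rng)
        seen.add((a["g2"] - a["g1"], a["g3"] - a["g1"]))
    return len(seen)


if __name__ == "__main__":
    print("base-only     :", distinct_relative_layouts(base_only))
    print("block shuffle :", distinct_relative_layouts(block_shuffle))
```
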
*Stage of Development
Prototype Testing
*Web Links
Purdue Office of Technology Commercialization, Purdue Innovation and Entrepreneurship, Elisa Bertino, Purdue Computer Science, Database & Information Security Group, Cyber Center, CERIAS
Country/Region
United States
