
Software Protects Against Code Reuse Attacks by Randomizing Code

Summary
Researchers at Purdue University have addressed these issues with a program designed for Unix-based systems, dubbed Marlin. Marlin takes a finer-grained approach to randomizing a program's code, rearranging at the level of "function blocks". Unlike other programs, Marlin randomizes the code every time a program is executed, resulting in near 100 percent rearrangement of function blocks. Using Marlin, the researchers have succeeded in preventing an attack on a program with a known vulnerability. The researchers estimate that for common Linux programs, 2730 brute force attempts at 14.3 seconds per attempt are necessary for a successful attack. Marlin also reduces the cost on computer performance by performing all the necessary computations before a program is launched, averaging 0.87 seconds each for 131 common Linux programs.
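The effect of per-execution function-block shuffling can be seen in a small simulation. This is an added illustration, not Marlin's code and not part of the original listing; the block names, sizes and load address are constructed sample values, and the shuffle is a plain random permutation assumed for the sketch.

```python
import math
import random

# Constructed sample: (function block, size in bytes) in original link order.
BLOCKS = [("main", 0x120), ("parse_args", 0x0c0), ("read_input", 0x200),
          ("checksum", 0x080), ("log_msg", 0x160), ("cleanup", 0x040)]
TEXT_BASE = 0x08048000  # assumed load address of the code segment


def layout(order, base=TEXT_BASE):
    """Map each function block to its start address for a given ordering."""
    addrs, cursor = {}, base
    for name, size in order:
        addrs[name] = cursor
        cursor += size
    return addrs


def randomized_layout(blocks, rng):
    """Shuffle the function blocks, as a load-time randomizer would, then lay them out."""
    order = list(blocks)
    rng.shuffle(order)
    return layout(order)


def moved_fraction(blocks, rng, runs=1000):
    """Average share of blocks whose start address differs from the original layout."""
    original = layout(blocks)
    moved = 0
    for _ in range(runs):
        new = randomized_layout(blocks, rng)
        moved += sum(new[name] != original[name] for name in original)
    return moved / (runs * len(blocks))


def layout_entropy_bits(n_blocks):
    """log2 of the number of possible block orderings (n!)."""
    return math.log2(math.factorial(n_blocks))


if __name__ == "__main__":
    rng = random.SystemRandom()  # fresh randomness on every simulated execution
    static = layout(BLOCKS)["read_input"] + 0x1f  # address found by offline analysis
    for run in range(3):
        now = randomized_layout(BLOCKS, rng)["read_input"] + 0x1f
        print(f"run {run}: sequence at {now:#x}, offline analysis said {static:#x}")
    print(f"blocks moved on average: {moved_fraction(BLOCKS, rng):.1%}")
    print(f"ordering entropy: {layout_entropy_bits(len(BLOCKS)):.1f} bits")
```

Only the block order changes here, so entropy grows with the number of function blocks (log2 of n!), which is why a finer granularity than whole-segment randomization raises the cost of guessing an address.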
Technology Advantages
Less susceptible to attacks than comparable software
Does not affect the speed of an application once loaded
Successful even against vulnerable software
Technology Applications
Computer Security
Detailed Technical Description
Elisa Bertino
Purdue Computer Science
Database & Information Security Group
Cyber Center
CERIAS
*Abstract

*Background
Return Oriented Programming (ROP) attacks are a current threat to computer security. In an ROP attack, code existing in a computer application is appropriated for malicious purposes. In the attack, pieces of this existing code are located and strung together, allowing the attacker to perform any arbitrary computation. This problem has previously been addressed by randomizing the addresses of large segments of code in the hope that the ROP attack cannot find the necessary code. Unfortunately, this current security method is susceptible to brute-force attacks, to which 32-bit systems are particularly susceptible compared with 64-bit systems. Current security programs can also have the disadvantages of requiring the source code, being designed to run too infrequently, or decreasing overall computer speed and performance.
*Stage of Development
Prototype Testing
*Web Links
Purdue Office of Technology Commercialization
Purdue Innovation and Entrepreneurship
Elisa Bertino
Purdue Computer Science
Database & Information Security Group
Cyber Center
CERIAS
Country/Region
United States
