GCC-based hijack attack defense method for fine-grained virtual function table

A virtual function table and virtual function technology, which is applied in the field of fine-grained virtual function table hijacking attack defense based on GCC, can solve the problems of security to be improved, compatibility and overhead affecting the execution efficiency of defense methods, etc.

Active Publication Date: 2017-11-21
NANJING UNIV
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Existing defense methods still need to be improved in terms of security, and issues such as compatibility and overhead also affect the execution efficiency of defense methods

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • GCC-based hijack attack defense method for fine-grained virtual function table
  • GCC-based hijack attack defense method for fine-grained virtual function table
  • GCC-based hijack attack defense method for fine-grained virtual function table

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0078] The present invention will be further described below in conjunction with the accompanying drawings and specific preferred embodiments.

[0079] Such as figure 1 As shown, a GCC-based fine-grained virtual function table hijacking attack defense method, the overall structure and working principles include:

[0080] 101: Collect the class inheritance relationship and the virtual function table corresponding to the class. The syntax analysis stage in the GCC compilation process generates intermediate language, analyzes the intermediate language to identify the classes in the program, builds the class inheritance diagram, and records its virtual function table set for each class as the basis for constructing a legal target set. In GCC, the macro RECORD_TYPE indicates the type declared by struct or class, which can identify the class in the program. Each class has a macro BINFO to associate the parent class and subclass, and the parent class and virtual function table info...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a GCC-based hijack attack defense method for a fine-grained virtual function table. The method comprises the following steps: firstly, collecting a class hierarchy relation and a virtual function table corresponding to a class; secondly, constructing a legal target set; thirdly, recognizing calling points of virtual functions and carrying out instrumentation verification on the functions; fourthly, generating verification data during running; and fifthly, verifying legitimacy of calling of the virtual functions. The defense method analyzes intermediate code representation of a source program, under the condition that the accurate class hierarchy relation is obtained, specific object types of the calling points of the virtual functions and the called virtual functions are used as basis, the calling points of the virtual functions construct an accurate and legal target set, the accuracy of the hijack attack defense method for the virtual function table is improved, and meanwhile, the compatibility and performance of the defense method are also ensured.

Description

technical field [0001] The invention relates to the field of virtual function table hijacking attack defense, in particular to a fine-grained virtual function table hijacking attack defense method based on GCC. Background technique [0002] In a C++ program, in order to realize the dynamic binding mechanism, the compiler generates a virtual function table for the class containing virtual function members in the program, and generates a pointer to the virtual function table for the corresponding object. The virtual function table hijacking attack uses the vulnerabilities in the C++ program (such as u-a-f, buffer overflow vulnerabilities, etc.), tampers with the virtual function table or the pointer to the virtual function table to change the actual call target of the virtual function, thereby hijacking the control flow. Since there are a large number of virtual function calls in C++ programs (for example, 91.8% of indirect calls in Google Chrome are virtual function calls), v...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/56
CPCG06F21/566
Inventor 曾庆凯邹振威
Owner NANJING UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap