Research on the defense method of vtable hijacking

Wang Zixiang; Shan Chun; Xue Jingfeng; Sun Shiyouhu Changzhen

doi:10.14257/ijsia.2016.10.11.22

Research on the defense method of vtable hijacking

Wang Zixiang^*, Shan Chun, Xue Jingfeng, Sun Shiyouhu Changzhen

^*此作品的通讯作者

计算机学院

Beijing Institute of Technology

科研成果: 期刊稿件 › 文章 › 同行评审

1 引用（Scopus）

摘要

Memory corruption vulnerability is an oldest type of vulnerabilities in software vulnerabilities. Attackers typically use a technique called virtual function table hijacking to exploit memory corruption vulnerability. In this paper, we propose a defense method which extracting virtual function tables and virtual function call related location information from the binary program. Then instrumenting identifier on vtables or backuping the vtables' pointers to detect vtables' integrity. Finally, the defense method is verified by Firefox, Chrome, IE browsers. Experiments show that the method can fully and effectively defend the real-world virtual function table hijacking attack with the small performance overhead and good compatibility.

源语言	英语
页（从-至）	267-280
页数	14
期刊	International Journal of Security and its Applications
卷	10
期	11
DOI	https://doi.org/10.14257/ijsia.2016.10.11.22
出版状态	已出版 - 2016

访问文件

10.14257/ijsia.2016.10.11.22

其它文件与链接

链接到 Scopus 的出版物

引用此

@article{723f7df7e07d45a482f79505178c8003,

title = "Research on the defense method of vtable hijacking",

abstract = "Memory corruption vulnerability is an oldest type of vulnerabilities in software vulnerabilities. Attackers typically use a technique called virtual function table hijacking to exploit memory corruption vulnerability. In this paper, we propose a defense method which extracting virtual function tables and virtual function call related location information from the binary program. Then instrumenting identifier on vtables or backuping the vtables' pointers to detect vtables' integrity. Finally, the defense method is verified by Firefox, Chrome, IE browsers. Experiments show that the method can fully and effectively defend the real-world virtual function table hijacking attack with the small performance overhead and good compatibility.",

keywords = "Memory corruption vulnerability, Software security, Virtual function table hijacking attack",

author = "Wang Zixiang and Shan Chun and Xue Jingfeng and Changzhen, {Sun Shiyouhu}",

note = "Publisher Copyright: {\textcopyright} 2016 SERSC.",

year = "2016",

doi = "10.14257/ijsia.2016.10.11.22",

language = "English",

volume = "10",

pages = "267--280",

journal = "International Journal of Security and its Applications",

issn = "1738-9976",

publisher = "Science and Engineering Research Support Society",

number = "11",

}

TY - JOUR

T1 - Research on the defense method of vtable hijacking

AU - Zixiang, Wang

AU - Chun, Shan

AU - Jingfeng, Xue

AU - Changzhen, Sun Shiyouhu

PY - 2016

Y1 - 2016

N2 - Memory corruption vulnerability is an oldest type of vulnerabilities in software vulnerabilities. Attackers typically use a technique called virtual function table hijacking to exploit memory corruption vulnerability. In this paper, we propose a defense method which extracting virtual function tables and virtual function call related location information from the binary program. Then instrumenting identifier on vtables or backuping the vtables' pointers to detect vtables' integrity. Finally, the defense method is verified by Firefox, Chrome, IE browsers. Experiments show that the method can fully and effectively defend the real-world virtual function table hijacking attack with the small performance overhead and good compatibility.

AB - Memory corruption vulnerability is an oldest type of vulnerabilities in software vulnerabilities. Attackers typically use a technique called virtual function table hijacking to exploit memory corruption vulnerability. In this paper, we propose a defense method which extracting virtual function tables and virtual function call related location information from the binary program. Then instrumenting identifier on vtables or backuping the vtables' pointers to detect vtables' integrity. Finally, the defense method is verified by Firefox, Chrome, IE browsers. Experiments show that the method can fully and effectively defend the real-world virtual function table hijacking attack with the small performance overhead and good compatibility.

KW - Memory corruption vulnerability

KW - Software security

KW - Virtual function table hijacking attack

UR - http://www.scopus.com/inward/record.url?scp=85018212534&partnerID=8YFLogxK

U2 - 10.14257/ijsia.2016.10.11.22

DO - 10.14257/ijsia.2016.10.11.22

M3 - Article

AN - SCOPUS:85018212534

SN - 1738-9976

VL - 10

SP - 267

EP - 280

JO - International Journal of Security and its Applications

JF - International Journal of Security and its Applications

IS - 11

ER -

Research on the defense method of vtable hijacking

摘要

访问文件

其它文件与链接

指纹

引用此