作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2009, Vol. 35 ›› Issue (9): 133-135. doi: 10.3969/j.issn.1000-3428.2009.09.046

• 安全技术 • 上一篇    下一篇

基于函数签名的控制流监控方法

薛永岭,黄 皓,张 博   

  1. (南京大学计算机科学与技术系,南京 210093)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2009-05-05 发布日期:2009-05-05

Control-flow Monitoring Method Based on Function Signature

XUE Yong-ling, HUANG Hao, ZHANG Bo   

  1. (Department of Computer Science and Technology, Nanjing University, Nanjing 210093)
  • Received:1900-01-01 Revised:1900-01-01 Online:2009-05-05 Published:2009-05-05

摘要: 针对恶意篡改程序控制流攻击方式,提出一种监控程序控制流完整性的方法。对程序源代码进行扫描,以函数作为识别程序行为的基本粒子,利用函数调用执行的序列信息,建立表现程序原意的行为轨迹模型,利用该模型在运行期监控程序的执行流程。实验结果表明,该方法对篡改控制流的攻击起到了很好的防御作用。

关键词: (南京大学计算机科学与技术系,南京 210093)

Abstract: Current software attacks often build on exploits that subvert machine-code execution. This paper proposes a new signature monitoring technique to enhance the control-flow integrity of program. It uses the execution of function as the basic item of the control-flow of the program. To get more exact intent of program, it scans the source code, and gets the information of function call sequence. According to the information, the model of program’s intent can be built. The model is used to monitor the program in runtime. Experimental results show the monitoring system makes the program more secure to reject the control-flow attacks.

Key words: (Department of Computer Science and Technology, Nanjing University, Nanjing 210093)

中图分类号: