- M.Y. Ma, L.W. Chen, D. Meng. A Survey of Memory Corruption Attack and Defense[J]. Journal of Cyber Security, 2017, 2(4):. 82-98.Google Scholar
- F.F. Wang, T. Zhang, W.G. Xu, Overview of control-flow hi-jacking attack and defense techniques for process[J]. Chinese Journal of Network and Information Security, 2019, 5(6): 10-20.Google Scholar
- Kc G S, Keromytis A D, Prevelakis V. Countering Code-injection Attacks with Instruction-set Randomization[C]. The 10th ACM conference on Computer and communication security, 2003: 272-280.Google Scholar
- Keromytis A D. Randomized Instruction Sets and Runtime Envi-ronments Past Research and Future Directions[J]. IEEE Security & Privacy Magazine, 2009, 7(1): 18-25.Google ScholarDigital Library
- S. Du, H. Shu, F. Kang. Design and implementation of hard-ware-based dynamic instruction set randomization frame-work[J]. Chinese Journal of Network and Information Security, 2017, 3(11): 29-39.Google Scholar
- Barrantes E G, Ackley D H, Palmer T S, Randomized In-struction Set Emulation to Disrupt Binary Code Injection At-tacks[C]. The 10th ACM conference on Computer and communi-cation security, 2003: 281-289.Google Scholar
- T. Liu, G. Shi, D. Meng. A Survey of Code Reuse Attack and De-fense Mechanisms[J]. Journal of Cyber Security, 2016, 1(2): 15-27.Google Scholar
- X.D. Qiao, R.X. Guo, Y. Zhao. Research progress in code reuse at-tacking and defending[J]. Chinese Journal of Network and Infor-mation Security, 2018,4(3): 1-12Google Scholar
- W. Wu, W. Huo, W. Zou. Survey on Attacking and Defending Technologies of Dynamic Code Generation[J]. Journal of Cyber Security, 2016, 1(4): 52-64.Google Scholar
- G.M. Zhang, Q.B. Li, G.Y. Zeng, Defensing Code Reuse Attacks Using Live Code Randomization[J]. Journal of Soft-ware, 2019, 30(9): 2772-2790.Google Scholar
- Boyd S W, Keromytis A D. SQLrand: Preventing SQL Injection Attacks[M]. Applied Cryptography and Network Security. Berlin, Heidelberg: Springer Berlin Heidelberg, 2004: 292-30.Google Scholar
Recommendations
Defense Method of Ruby Code Injection Attack Based on Instruction Set Randomization
ICCCM '20: Proceedings of the 8th International Conference on Computer and Communications ManagementCode injection attack is a major security threat to applications, especially web applications. This type of attack stems from the attacker's ability to use the vulnerability/backdoor of the application to inject a malicious program into the server and ...
Known/Chosen Key Attacks against Software Instruction Set Randomization
ACSAC '06: Proceedings of the 22nd Annual Computer Security Applications ConferenceInstruction Set Randomization (ISR) has been proposed as a form of defense against binary code injection into an executing program. One proof-of-concept implementation is Randomized Instruction Set Emulator (RISE), based on the open-source Valgrind IA-...
A lab implementation of SYN flood attack and defense
SIGITE '08: Proceedings of the 9th ACM SIGITE conference on Information technology educationA "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. SYN flood attack is one of the most common types of DoS. In this lab, we model and simulate a real world ...
Comments