인문학
사회과학
자연과학
공학
의약학
농수해양학
예술체육학
복합학
지원사업
학술연구/단체지원/교육 등 연구자 활동을 지속하도록 DBpia가 지원하고 있어요.
커뮤니티
연구자들이 자신의 연구와 전문성을 널리 알리고, 새로운 협력의 기회를 만들 수 있는 네트워킹 공간이에요.
초록·키워드
As modern systems widely deploy protective measures for control data in memory, such as Control-Flow Integrity (CFI), attackers’ ability to manipulate control data is greatly restricted. Consequently, attackers are turning to opportunities to manipulate non-control data in memory (known as Data-Oriented Attacks, or DOAs), which have been proven to pose significant security threats to memory. However, existing techniques to mitigate DOAs often introduce significant overhead due to the indiscriminate protection of a large range of data objects. To address this challenge, this paper adopts a Cyberspace Mimic Defense (CMD) strategy, a generic framework for addressing endogenous security vulnerabilities, to prevent attackers from executing DOAs using known or unknown security flaws. Specifically, we introduce a formalized expression algorithm that assesses whether DOA attackers can construct inputs to exploit vulnerability points. Building on this, we devise a key-area CMD strategy that modifies the coded pathway from input to the vulnerability point, thereby effectively thwarting the activation of the vulnerability. Finally, our experiments on real-world applications and simulation demonstrate that the key-area CMD strategy can effectively prevent DOAs by selectively diversifying parts of the program code.
인공지능 문자 인식 모델을 통해 추출된 텍스트로, 일부 오타나 오류가 포함될 수 있으나 지속적으로 개선 중입니다.
오류를 발견하셨다면 해당 부분을 드래그한 후 ' 를 통해 신고해주세요.
오류를 발견하셨다면 해당 부분을 드래그한 후 ' 를 통해 신고해주세요.