[1] ZHANG C, TAO W, CHEN Z, et al. Practical control flow integrity & randomization for binary executables [C]//Proceedings of the 2013 IEEE Symposium on Security and Privacy. Washington, DC: IEEE Computer Society, 2013: 559-573. [2] RODES B D, NGUYEN-TUONG A, HISER J D, et al. Defense against stack-based attacks using speculative stack layout transformation [C]//RV 2012: Proceedings of the Third International Conference on Runtime Verification, LNCS 7687. Berlin: Springer-Verlag, 2013: 308-313. [3] COWAN C, PU C, MAIER D, et al. StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks [C]//SSYM'98: Proceedings of the 7th Conference on USENIX Security Symposium. Berkeley: USENIX Association, 1998, 7: 63-78. [4] BHATKAR S, DUVARNEY D, SEKAR R. Address obfuscation: an efficient approach to combat a broad range of memory error exploits [C]//Proceedings of the 12th USENIX Security Symposium. Berkeley: USENIX Association, 2003: 105-120. [5] RATANWORABHAN P, LIVSHITS B, ZORN, B. NOZZLE: a defense against heap-spraying code injection attacks [C]//SSYM '09: Proceedings of the 18th USENIX Security Symposium. Berkeley: USENIX Association, 2009: 169-186. [6] SHACHAM H, PAGE M, PFAFF B, et al. On the effectiveness of address-space randomization [C]//CCS '04: Proceedings of the 11th ACM Conference on Computer and Communications Security. New York: ACM, 2004: 298-307. [7] SHACHAM H. The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86) [C]//CCS '07: Proceedings of the 14th ACM conference on Computer and Communications Security. New York: ACM, 2007: 552-561. [8] COWAN C, BEATTIE S, JOHNSEN J, et al. PointGuard: protecting pointers from buffer overflow vulnerabilities [C]//SSYM '03: Proceedings of the 12th Conference on USENIX Security Symposium. Berkeley: USENIX Association, 2003: 91-104. [9] WANG H, GUO Y, CHEN X. FPValidator: validating type equivalence of function pointers on the fly [C]//ACSAC '09: Proceedings of Annual Computer Security and Applications. Washington, DC: IEEE Computer Society, 2009: 51-59. [10] ABADI M, BUDIU M, ERLINGSSON U, et al. Control flow integrity [C]//CCS '05: Proceedings of 12th ACM Conference on Computer and Communications Security. New York: ACM, 2005: 340-351. [11] KIMBALL W B, PERUGINI S. Software vulnerabilities by example: a fresh look at the buffer overflow problem-bypassing SafeSEH [J]. Journal of Information Assurance & Security, 2012, 7(1): 1-13. [12] BALARKISHNAN G, REPS T. WYSINWYX: What you see is not what you execute [J]. ACM Transactions on Programming Languages and Systems, 2010, 32(6): Article No. 23. [13] LIN Z, WANG Y, MAO B, et al. SafeBird: a dynamic and transparent toolkit for run-time buffer overflow oreventions[J]. Acta Electronica Sinica, 2007, 35(5): 882-889. (林志强,王逸,茅兵,等.SafeBird:一种动态和透明的运行时缓冲区溢出防御工具集[J]. 电子学报, 2007, 35(5): 882-889.) [14] HAN H, MAO B, XIE L. Dynamic runtime detection system for return-oriented-programming attack [J]. Computer Engineering, 2012, 38(4): 121-125. (韩浩,茅兵,谢立.针对ROP攻击的动态运行实时监测系统[J]. 计算机工程, 2012, 38(4): 121-125.) [15] CHEN P, XIAO H, SHEN X, et al. DROP: detecting return-oriented-programming malicious code [C]//ICISS 2009: Proceedings of the 5th International Conference on Information Systems Security, LNCS 5905. Berlin: Springer-Verlag, 2009, 5905: 163-177. [16] DAVI L, SADEGHI A, WINANDY M. ROPDefender: a detection tool to defend against return-oriented programming attacks [C]//ASIACCS '11: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security. New York: ACM, 2011: 40-51. [17] HUANG Z, ZHENG T. Program attack and protection based on return-oriented-programming[J]. Computer Science, 2012: 39(1): 1-5. (黄志军, 郑滔. 基于Return-Oriented Programming的程序攻击与防护[J]. 计算机科学, 2012, 39(1): 1-5.) [18] ONARLIOGLU K, BILGE L, LANZI A, et al. G-Free: defeating return-oriented-programming through gadget-less binaries [C]//ACSAC '10: Proceedings of the 26th Annual Computer Security Applications Conference. New York: ACM, 2010: 49-58. [19] SEWAN J. ROPGadget, automatic gadgets finder [EB/OL]. [2014-05-20]. http://shell-storm.org/project/ROPgadget/. [20] PacketStorm.[EB/OL]. [2014-04-20]. http://packetstormsecurity.com. |