Conference: 2011 IEEE 3rd International Conference on Communication Software and Networks

Unicode-proof code injection attack on Windows CE — A novel approach of evading intrusion detection system for mobile network


Abstract

Code injection attacks are a major way of spreading malware on networks. The key part of a code injection attack is a small piece of code, called shellcode, which performs unauthorized operations when it is injected into software as part of valid data. On Windows CE, input data are often encoded using Unicode before being processed. In such cases, shellcode should be built in a way that bypasses such encoding; that is, it should be Unicode-proof. Unicode-proof shellcode also has the great advantage of evading intrusion detection systems. However, it is quite difficult to build Unicode-proof shellcode for the ARM architecture, on which most embedded devices are developed, because the subset of instructions that can be used to write Unicode-proof shellcode is very limited. Moreover, the instruction cache in the ARM processor restricts the application of self-modifying code, which is frequently used in shellcode writing. This novel research proposes an approach to building ARM Unicode-proof shellcode on Windows CE under these constraints. The approach applies to all versions of ARM processors and Windows CE, including systems evolved from Windows CE, such as Windows Mobile and Windows Phone. The shellcode is tested on three currently available devices.