DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | Kim, Yongdae | - |
dc.contributor.advisor | 김용대 | - |
dc.contributor.author | Kyea, Jeongoh | - |
dc.date.accessioned | 2019-09-04T02:49:08Z | - |
dc.date.available | 2019-09-04T02:49:08Z | - |
dc.date.issued | 2018 | - |
dc.identifier.uri | http://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=734113&flag=dissertation | en_US |
dc.identifier.uri | http://hdl.handle.net/10203/267170 | - |
dc.description | 학위논문(석사) - 한국과학기술원 : 정보보호대학원, 2018.2,[v, 30 p. :] | - |
dc.description.abstract | Object-Oriented Programming is essential for the developing the large size program. Object-Oriented Programming has a characteristic, Polymorphism, which is that the called function depends on the type of object. In the C++, there is the reserved word virtual for supporting polymorphism. Because the called function at the virtual function callsite can differ dynamically, the callsite is compiled as an indirect call. Therefore, if attackers change the virtual table pointer in an object, they can hijack the control flow. It is called as virtual table hijacking attack. In this paper, we suggest the new mitigation technique, TVT. TVT saves the type of the object in the constructor and checks that the type is changed at the callsites. We apply TVT to the firefox browser and tiny vulnerable program, and TVT can prevent all known test exploits. It shows reasonable overhead that is up to 48% for the SPEC2017 benchmark and average 20% for the firefox browser. Because the web page loading overhead is about 10%, which is less than network latency, TVT can apply to browsers. | - |
dc.language | eng | - |
dc.publisher | 한국과학기술원 | - |
dc.subject | C++▼a가상함수▼a가상함수 하이재킹▼a시스템 보안▼a취약점▼a완화 | - |
dc.subject | C++▼aVirtual Function▼aVirtual Function Hijacking▼aSystem Security▼aVulnerability▼aMitigation | - |
dc.title | Typed virtual table for mitigating virtual table hijacking | - |
dc.title.alternative | 가상 함수 하이재킹 공격 완화 기법에 대한 연구 | - |
dc.type | Thesis(Master) | - |
dc.identifier.CNRN | 325007 | - |
dc.description.department | 한국과학기술원 :정보보호대학원, | - |
dc.contributor.alternativeauthor | 계정오 | - |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.