Jisuanji kexue (Apr 2022)
Detection Method of ROP Attack for Cisco IOS
Abstract
Cisco IOS (Internet operating system) is a special operating system of Cisco router.Due to the limitation of hardware conditions, it pays more attention to the performance and ignores the system security in the design, which makes it unable to effectively detect the attack of return address oriented programming (ROP).Aiming at the defects of traditional ROP protection technology in Cisco IOS protection, a method based on return address memory hash verification is proposed, which can effectively detect the ROP attack on Cisco IOS and capture the attack code.By analyzing the advantages and disadvantages of the existing protection mechanisms against ROP attacks, on the basis of the idea of compact shadow memory protection, the traditional sha-dow memory storage mode is transformed into a hash based memory search mode, and the record of the return address memory pointer is added as the index of hash search, which improves the efficiency of shadow me-mory search and can resist shadow memory tampering caused by memory leakage.Based on the Dynamips virtualization platform, the CROPDS system is designed and implemented, and the method is verified effectively.Compared with the previous methods, it improves the generality and perfor-mance, and can capture the shellcode of attack execution.
Keywords