{"links":{},"id":175805,"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00175805","sets":["6164:6165:6462:8948"]},"path":["8948"],"owner":"11","recid":"175805","title":["CPUによるリターンアドレス書換え攻撃検知とソフトウェア支援"],"pubdate":{"attribute_name":"公開日","attribute_value":"2016-10-04"},"_buckets":{"deposit":"c7b09bac-85f9-4a8e-b920-c844023784d3"},"_deposit":{"id":"175805","pid":{"type":"depid","value":"175805","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"CPUによるリターンアドレス書換え攻撃検知とソフトウェア支援","author_link":["367924","367928","367922","367927","367929","367925","367923","367930","367926","367921"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"CPUによるリターンアドレス書換え攻撃検知とソフトウェア支援"},{"subitem_title":"A Detection Method of Return Address Overwriting Attacks Based on CPU and Support by Software","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"バッファオーバフロー攻撃，ROP，シャドウスタック，QEMU","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2016-10-04","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"立命館大学"},{"subitem_text_value":"立命館大学"},{"subitem_text_value":"立命館大学"},{"subitem_text_value":"名古屋工業大学"},{"subitem_text_value":"立命館大学"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Ritsumeikan University","subitem_text_language":"en"},{"subitem_text_value":"Ritsumeikan University","subitem_text_language":"en"},{"subitem_text_value":"Ritsumeikan University","subitem_text_language":"en"},{"subitem_text_value":"Nagoya Institute of Technology","subitem_text_language":"en"},{"subitem_text_value":"Ritsumeikan University","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/175805/files/IPSJCSS2016105.pdf","label":"IPSJCSS2016105.pdf"},"date":[{"dateType":"Available","dateValue":"2018-10-04"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2016105.pdf","filesize":[{"value":"823.7 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"1df65f42-2640-4136-9f04-b4bf2478cdb6","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2016 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"久保田, 曹嗣"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"明田, 修平"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"瀧本, 栄二"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"齋藤, 彰一"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"毛利, 公一"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Soshi, Kubota","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Shuhei, Aketa","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Eiji, Takimoto","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Shoichi, Saito","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Koichi, Mouri","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_18_relation_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_relation_type_id":{"subitem_relation_type_select":"NCID","subitem_relation_type_id_text":"ISSN　1882-0840"}}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"バッファオーバフローを悪用した攻撃には，リターンアドレスを書き換え，不正な制御フローに処理を移すものがある．我々は，そのため，CPU の CALL / RET 命令を拡張し，両者の対称性をチェックすることで攻撃を検知する手法を研究している．しかし，CALL / RET 命令の対称性が損なわれるケースが存在するため，誤検知が発生することがわかった．そこで，CPU での CALL / RET 命令の比較処理を変更し，さらに，CPU では対処できない誤検知は Linux カーネルおよび標準 C ライブラリを新たに改変することで対処を行った．自作したテストアプリケーションを用いて検証を行った結果，５ つの誤検知に対処できたことを確認した．","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Some buffer overflow attacks overwrite return address to execute malicious code. To defend from them, we are studying a method detecting these attacks. The method extends CALL / RET instructions of the CPU and checks if the pairs of the instructions are symmetric. However, we have recognized misdetection cases because of the impaired symmetric of the instructions. Therefore, we have changed the comparison mechanism of the instructions. Furthermore, we have modified Linux kernel and C standard library for misdetection cases which cannot be handled by CPU only. We confirmed that our system can treat all of the misdetections by the test programs.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"725","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2016論文集"}],"bibliographicPageStart":"718","bibliographicIssueDates":{"bibliographicIssueDate":"2016-10-04","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"2","bibliographicVolumeNumber":"2016"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"created":"2025-01-19T00:45:32.296539+00:00","updated":"2025-01-20T06:08:40.319660+00:00"}