{"updated":"2025-01-19T13:03:08.975877+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00224700","sets":["1164:3925:11156:11157"]},"path":["11157"],"owner":"44499","recid":"224700","title":["様々なCPUアーキテクチャにおけるROP攻撃可能性の検証"],"pubdate":{"attribute_name":"公開日","attribute_value":"2023-02-27"},"_buckets":{"deposit":"eba9b033-ddae-49e6-868a-34569c2db608"},"_deposit":{"id":"224700","pid":{"type":"depid","value":"224700","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"様々なCPUアーキテクチャにおけるROP攻撃可能性の検証","author_link":["593075","593073","593074"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"様々なCPUアーキテクチャにおけるROP攻撃可能性の検証"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"マルウェア","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2023-02-27","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"北海道情報大学"},{"subitem_text_value":"長崎県立大学"},{"subitem_text_value":"北海道情報大学"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Hokkaido Information University","subitem_text_language":"en"},{"subitem_text_value":"University of Nagasaki","subitem_text_language":"en"},{"subitem_text_value":"Hokkaido Information University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/224700/files/IPSJ-CSEC23100024.pdf","label":"IPSJ-CSEC23100024.pdf"},"date":[{"dateType":"Available","dateValue":"2025-02-27"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSEC23100024.pdf","filesize":[{"value":"771.8 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"66695ff2-9879-4cee-a15a-e5fa5e3e8e71","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2023 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"多木, 優馬"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"福光, 正幸"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"湯村, 翼"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA11235941","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8655","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"Return Oriented Programming (ROP) 攻撃は，プログラム内の命令片を利用し，任意の処理を行わせる攻撃手法であり，様々な派生手法も登場している．ROP 攻撃への対策として，高い計算能力を持つ CPU を活用する Control-Flow Integrity (CFI )や，広いアドレス空間を活用する Address Space Layout Randomization (ASLR) といったセキュリティ機構が存在する．ただし，組込み機器では，プロセッサに対する制約によってこれらのセキュリティ機構を実装できない場合もある．本研究では，組込み機器に対する ROP 攻撃の可能性を調査するため，x86，ARM32，ARM64 環境に対して ROP 攻撃検証を行った．プロセッサエミュレータ QEMU を用いて攻撃対象環境を構築し，そこで稼働する脆弱なテストプログラムに対して ROP 攻撃を実施した．検証の結果，x86 環境と ARM32 環境への ROP 攻撃は成立し，ARM64 環境への ROP 攻撃は不成立であった．この結果について考察し，関数呼び出し方法を工夫することでリターンアドレスの書き換えを緩和できることを明らかにした．","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"6","bibliographic_titles":[{"bibliographic_title":"研究報告コンピュータセキュリティ（CSEC）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2023-02-27","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"24","bibliographicVolumeNumber":"2023-CSEC-100"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"created":"2025-01-19T01:24:16.132740+00:00","id":224700,"links":{}}