{"updated":"2025-01-19T23:38:20.984069+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00083926","sets":["581:6644:6865"]},"path":["6865"],"owner":"11","recid":"83926","title":["コールスタックの制御データ検査によるスタック偽装攻撃検知"],"pubdate":{"attribute_name":"公開日","attribute_value":"2012-09-15"},"_buckets":{"deposit":"5d3acfd5-4cc1-4069-8e48-d52571d3b0b2"},"_deposit":{"id":"83926","pid":{"type":"depid","value":"83926","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"コールスタックの制御データ検査によるスタック偽装攻撃検知","author_link":["457875","457868","457874","457871","457873","457864","457876","457865","457866","457870","457872","457867","457862","457869","457863","457877"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"コールスタックの制御データ検査によるスタック偽装攻撃検知"},{"subitem_title":"Mimicry Attack Detection by Saving and Checking Control Data Stored on Call Stack","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"[特集:スマートな社会を実現するコンピュータセキュリティ技術] スタック偽装攻撃,侵入検知システム,バッファオーバフロー,脆弱性","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2012-09-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"立命館大学"},{"subitem_text_value":"立命館大学"},{"subitem_text_value":"立命館大学"},{"subitem_text_value":"立命館大学"},{"subitem_text_value":"立命館大学"},{"subitem_text_value":"名古屋工業大学"},{"subitem_text_value":"NPO情報セキュリティ研究所"},{"subitem_text_value":"立命館大学"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Ritsumeikan University","subitem_text_language":"en"},{"subitem_text_value":"Ritsumeikan University","subitem_text_language":"en"},{"subitem_text_value":"Ritsumeikan University","subitem_text_language":"en"},{"subitem_text_value":"Ritsumeikan University","subitem_text_language":"en"},{"subitem_text_value":"Ritsumeikan University","subitem_text_language":"en"},{"subitem_text_value":"Nagoya Institute of 
Technology","subitem_text_language":"en"},{"subitem_text_value":"The Research Institute of Information Security","subitem_text_language":"en"},{"subitem_text_value":"Ritsumeikan University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/83926/files/IPSJ-JNL5309005.pdf","label":"IPSJ-JNL5309005"},"date":[{"dateType":"Available","dateValue":"2014-09-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL5309005.pdf","filesize":[{"value":"947.1 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"2c334933-3e33-433e-b1e8-eebcd2a7b288","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2012 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"冨永, 悠生"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"樫山, 武浩"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"瀧本, 栄二"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"桑原, 寛明"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"毛利, 公一"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"齋藤, 彰一"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"上原, 哲太郎"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"國枝, 義敏"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Yuuki, 
Tominaga","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takehiro, Kashiyama","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Eiji, Takimoto","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hiroaki, Kuwabara","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Koichi, Mouri","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Shoichi, Saito","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Tetsutaro, Uehara","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yoshitoshi, Kunieda","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal article"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"既存のホスト型侵入検知システムやコンパイラの拡張によるバッファオーバフローの検知では,検知システムを回避した攻撃が存在し問題となっている.我々は検知システムを回避する攻撃の1つであるスタック偽装攻撃に着目し,スタック偽装攻撃を検出することを目的としたこれまでにない侵入検知システムを新たに提案する.本システムでは,コールスタックに積まれたフレームポインタとリターンアドレスからなる制御データを検査し,制御データの書き換えを検知することでスタック偽装攻撃を防ぐ.関数呼び出し時に制御データをバッファオーバフローによる書き換えを受けないメモリ領域に退避させ,関数呼び出し元への復帰時に退避させた制御データとスタック上の制御データが一致するかを検査する.これにより,スタック偽装攻撃による不正な制御データの偽装を検知できる.提案手法を実装し,gzipとhttpdならびにwcを動作させた際,本提案による増加部分が全実行時間に占める割合は,それぞれ2.52%,71.09%,94.82%であった.","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"There are many methods to detect buffer overflow using host-based intrusion 
detection systems or compiler extensions. Some attacks, however, can evade these defense systems. One such attack is the “mimicry attack”. In this paper, we propose a new intrusion detection system focusing on the mimicry attack. Our system detects invalid control data (the frame pointer and return address on the call stack) overwritten by a mimicry attack. The detection method consists of a saving process and a checking process. The saving process, which is invoked on entry to every function, saves the control data to a memory area that cannot be overwritten by a buffer overflow. The checking process, which is invoked on return from any function, compares the saved control data with the control data on the stack. We have implemented the proposed system and evaluated its time overhead. The share of total execution time taken by the processing added by the proposed method was 2.52%, 71.09% and 94.82% for gzip, httpd and wc, respectively.","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"2085","bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicPageStart":"2075","bibliographicIssueDates":{"bibliographicIssueDate":"2012-09-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"9","bibliographicVolumeNumber":"53"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"created":"2025-01-18T23:37:16.541789+00:00","id":83926,"links":{}}