Порівняння методів
Переглядайте обрані методи поруч; рядки з відмінностями підсвічено.
| Програмування, орієнтоване на повернення× | Побічний аналіз (Side-Channel Analysis)× | |
|---|---|---|
| Галузь | Криптографія | Криптографія |
| Родина | Machine learning | Machine learning |
| Рік появи≠ | 2007 | 1996 |
| Автор методу≠ | Hovav Shacham | Paul Kocher |
| Тип≠ | code reuse attack methodology | physical side-channel exploitation |
| Основоположне джерело≠ | Shacham, H. (2007). The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS 2007), pp. 552-561. DOI ↗ | Kocher, P. C. (1996). Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Advances in Cryptology - CRYPTO 1996, LNCS 1109, pp. 104-113. DOI ↗ |
| Інші назви≠ | ROP, code reuse attack, Turing-complete gadget | SCA, timing attack, power analysis, cache attack |
| Пов'язані | 3 | 3 |
| Підсумок≠ | Return-Oriented Programming (ROP) is an exploit technique that chains together short sequences of instructions (gadgets) from existing executable code to perform arbitrary computation, bypassing security defenses like code injection prevention. Introduced by Hovav Shacham in 2007, ROP exploits code reuse to execute malicious logic even when data execution prevention (DEP) and code signing prevent direct code injection. ROP is considered one of the most powerful exploit techniques against modern defense mechanisms and has been demonstrated to be Turing-complete. | Side-channel analysis is a family of attacks that exploit physical properties of cryptographic implementations (timing, power consumption, electromagnetic emissions, cache behavior) to recover secret keys. Introduced by Paul Kocher in 1996, side-channel attacks have repeatedly broken implementations of theoretically secure cryptosystems by leveraging unintended information leakage. Side-channel analysis has become a critical concern in cryptographic system design, requiring constant-time implementations and physical countermeasures. |
| ScholarGateНабір даних ↗ |
|
|