| 缓冲区溢出攻击模式及其防御的研究 |
| |
| 引用本文: | 程红蓉,秦志光,万明成,邓蔚.缓冲区溢出攻击模式及其防御的研究[J].电子科技大学学报(自然科学版),2007,36(6):1187-1191. |
| |
| 作者姓名: | 程红蓉 秦志光 万明成 邓蔚 |
| |
| 作者单位: | 1.电子科技大学计算机科学与工程学院 成都 610054 |
| |
| 摘 要: | 借助统一建模语言,概括近十年来利用缓冲区溢出进行攻击的攻击模式,从预防、发现、抵御缓冲区溢出攻击以及攻击后的程序恢复等方面对目前有代表性的防御、检测方法和攻击恢复技术进行了归纳、分析和比较,指出这些方法和技术的弊端以及可能采取的规避手段。提出了在攻击技术不断发展的情况下,彻底、有效地解决缓冲区溢出所面临的问题,编写安全的程序是解决缓冲区溢出的关键,并对将来解决缓冲区溢出可采用的有效方法和手段进行了讨论。
|
| 关 键 词: | 攻击模式 缓冲区溢出 防御方法 统一建模语言 安全编程 |
| 收稿时间: | 2007-08-25 |
On the Buffer Overflow Attack Mode and Countermeasures |
| |
| CHENG Hong-rong, QIN Zhi-guang, WAN Ming-cheng, DENG Wei.On the Buffer Overflow Attack Mode and Countermeasures[J].Journal of University of Electronic Science and Technology of China,2007,36(6):1187-1191. |
| |
| Authors: | CHENG Hong-rong QIN Zhi-guang WAN Ming-cheng DENG Wei |
| |
| Affiliation: | 1.School of Computer Science and Engineering,University of Electronic Science and Technology of China Chengdu 610054 |
| |
| Abstract: | A general model of buffer overflow based attacks is described by unified modeling language. The analysis and comparison of the existing representative methods and apparatuses of defense and recovery against buffer overflow attacks are presented, including analyzing their vulnerabilities and possible means to bypass them. Highlighting the state-of-art challenging issues for facing the tradeoff of security and performance efficiency, and the continuing evolution of attach techniques, it is pointed out that security programming is the key to solve buffer overflow problems. Finally, some technical trends are given. |
| |
| Keywords: | attack model buffer overflow countermeasures unified modeling language security programming |
| 本文献已被 维普 等数据库收录! |
| 点击此处可从《电子科技大学学报(自然科学版)》浏览原始摘要信息 |
|
点击此处可从《电子科技大学学报(自然科学版)》下载全文 |
