共查询到18条相似文献,搜索用时 281 毫秒
1.
Linux下缓冲区溢出的分析与利用 总被引:1,自引:0,他引:1
缓冲区溢出漏洞攻击是目前互联网上黑客使用最多的攻击手段之一。论文针对Linux平台,从Linux系统内存管理机制人手,解释了Linux系统下函数调用的方法,分析了缓冲区溢出产生的原因并阐明了缓冲区溢出产生的整个过程,通过具体实例,说明了缓冲区溢出的利用方法。 相似文献
2.
缓冲区溢出漏洞是一类常见的软件漏洞,其对计算机系统造成的危害非常大。本文针对这类漏洞提出一种基于二进制文件动态插桩并根据程序运行状态来判定缓冲区溢出的检测方法,并实现了基于该方法的检测系统。通过分析缓冲区溢出的原理以及常见攻击方法的特点,提出了基于覆盖返回地址、虚函数表、异常处理链表以及溢出后执行特定API的缓冲区溢出检测方法。实验表明该系统能有效检测到缓冲区溢出并定位溢出点从而辅助对漏洞原理进行分析。 相似文献
3.
WindowsDNS服务器远程栈溢出漏洞的应用研究 总被引:1,自引:0,他引:1
文章介绍了系统安全漏洞和针对系统安全漏洞攻击的基本实现原理,通过对具体漏洞的分析,提出了Windows系统中基于DNS服务远程栈缓冲区溢出攻击的具体实现方法,同时也给出了针对系统安全漏洞的一些防御和避免措施。 相似文献
4.
文章针对缓冲区溢出攻击,从代码、编译器、链接库、操作系统内核以及计算机体系结构等几个层次介绍了常用的防护技术和工具。基于对各种技术优点和不足的分析,提出多层面协作构造系统安全漏洞防护体系结构的观点。 相似文献
5.
RPC溢出漏洞成为Windows系统安全的巨大威胁。介绍了RPC的原理,研究了RPC中Stub的数据构造和标准,分析了堆结构和堆溢出原理,总结了堆溢出漏洞的利用方法,针对一个RPC堆溢出漏洞分析了利用过程,提出了RPC堆溢出漏洞攻击的防范措施。 相似文献
6.
利用"Windows图元缓冲区溢出漏洞"的入侵系统的".wmf"文件有别与传统的".exe"文件,这是其最大的危害性.攻击代码隐藏在图形文件编码内部,用户认为自己打开的只是图形文件,对攻击文件容易掉以轻心.这里将详细介绍该漏洞的攻击原理和防范手段. 相似文献
7.
8.
9.
Windows DEP数据执行保护技术研究 总被引:1,自引:0,他引:1
缓冲区溢出漏洞是危害最大、影响范围最广的漏洞之一,普遍存在于各类系统和应用软件中。操作系统中的数据执行保护(DEP,Data Execution Prevention)技术,是一项有效的安全保护技术,能够有效防范缓冲区溢出攻击,维护操作系统安全,但是该技术仍然存在一定的局限性。文中通过一个突破数据执行保护,利用缓冲区溢出漏洞成功执行注入代码的实例来说明数据执行保护技术存在的局限性,并提出了一些解决数据执行保护技术局限性的方法和建议。 相似文献
10.
在程序编码中防止缓冲区溢出 总被引:1,自引:0,他引:1
缓冲区溢出攻击是各种网络攻击方法中较普遍且危害较严重的一种,文章分析了缓冲区攻击的原理,并从编程角度分析了造成缓冲区溢出的潜在漏洞,最后提出了在程序编写过程中防御缓冲区溢出的方法。 相似文献
11.
对Android系统的多种脆弱性进行了理论上的分析。根据目前已知的Android系统安全问题,归纳分析出Android系统脆弱性所在,主要包括Root、权限机制、签名机制、沙箱机制、应用安装机制、协议、版本碎片化、栈溢出保护、Linux内核等,并且通过示例给出了脆弱性的表现形式。 相似文献
12.
Integer overflow vulnerability will cause buffer overflow. The research on the relationship between them will help us to detect integer overflow vulnerability. We present a dynamic analysis methods RICB (Run-time Integer Checking via Buffer overflow). Our approach includes decompile execute file to assembly language; debug the execute file step into and step out; locate the overflow points and checking buffer overflow caused by integer overflow. We have implemented our approach in three buffer overflow types: format string overflow, stack overflow and heap overflow. Experiments results show that our approach is effective and efficient. We have detected more than 5 known integer overflow vulnerabilities via buffer overflow. 相似文献
13.
When the virtual function was executed,it could cause array overflow vulnerability due to error operation of the virtual function table of C++ object.By attacking the virtual function,it could cause the system crash,or even the attacker to control the execution of program directly was allowed,which threatened user’s security seriously.In order to find and fix this potential security vulnerability as soon as possible,the technology for detecting such security vulnerability was studied.Based on the analysis of the virtual function call during the MS Word parsing RTF files,the array overflow vulnerability generated by MS Word parsing abnormal RTF files,and a new RTF array overflow vulnerability detection method based on the file structure analytical Fuzzing was proposed.Besides,an RTF array overflow vulnerability detection tool (RAVD,RTF array vulnerability detector) was designed.The test results show RAVD can detect RTF array overflow vulnerabilities correctly.Moreover,the Fuzzing results show RAVD has higher efficiency in comparison with traditional file Fuzzing tools. 相似文献
14.
While malicious samples are widely found in many application fields of machine learning, suitable countermeasures have been investigated in the field of adversarial machine learning. Due to the importance and popularity of Support Vector Machines (SVMs), we first describe the evasion attack against SVM classification and then propose a defense strategy in this paper. The evasion attack utilizes the classification surface of SVM to iteratively find the minimal perturbations that mislead the nonlinear classifier. Specially, we propose what is called a vulnerability function to measure the vulnerability of the SVM classifiers. Utilizing this vulnerability function, we put forward an effective defense strategy based on the kernel optimization of SVMs with Gaussian kernel against the evasion attack. Our defense method is verified to be very effective on the benchmark datasets, and the SVM classifier becomes more robust after using our kernel optimization scheme. 相似文献
15.
BugScam自动化静态漏洞检测的分析 总被引:1,自引:0,他引:1
安全漏洞的发掘工作是一件很重要的事情.BugScam是一个基于脚本机制的漏洞分析工具,但它所处理的函数不够全面,不能涵盖所有能够引起缓冲区溢出的函数。对BugScam自动化漏洞检测的原理进行了分析,详细地说明了BugScam计算缓冲区长度的算法,并指出存在的不足。提出可能的改进方法。 相似文献
16.
17.
文中提出了一种进程完整性的度量方法,并应用于软件漏洞的检测。该方法利用源码转换和函数调用时的状态信息来实现进程完整性的检测与分析,通过检查进程在运行过程中的完整性度量是否保持为真,来判断进程是否存在漏洞。实验结果表明,这种方法能够在不带来大的性能损失的情况下准确地检测出缓冲区溢出漏洞。 相似文献
18.
The number of identified integer overflow vulnerabilities has been increasing rapidly in recent years. In this paper, a smart software vulnerability detection technology is presented, which is used for the identifica- tion of integer overflow vulnerabilities in binary executa- bles. The proposed algorithm is combined with Target fil- tering and dynamic taint tracing (TFDTT). Dynamic taint tracing is used to reduce the mutation space and target fil- tering function is used to filter test cases during the process of test case generation. Theory analysis indicates that the efficiency of TFDTT is higher than NonTF-DTT and ran- dom Fuzzing technology. And the experiment results in- dicate that the detection technology based upon TFDTT can identify the possible integer vulnerabilities in binary program, meanwhile, it is more efficiency than other two technologies. 相似文献