Similar Literature
Found 18 similar documents; search took 484 ms
1.
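Buffer overflow vulnerabilities are a common class of software vulnerability that can cause severe harm to computer systems. This paper proposes a detection method for this class of vulnerability based on dynamic binary instrumentation, which determines whether a buffer overflow has occurred from the program's run-time state, and implements a detection system based on that method. By analyzing the principles of buffer overflows and the characteristics of common attack techniques, it proposes buffer overflow detection methods based on overwriting of the return address, the virtual function table and the exception handler chain, and on the execution of specific APIs after an overflow. Experiments show that the system can effectively detect buffer overflows and locate the overflow point, thereby assisting analysis of how the vulnerability works.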

2.
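Buffer overflows affect software security. Detecting buffer overflow vulnerabilities is important for improving software security. Working at the source-code level, this paper proposes a buffer overflow detection method targeting loop structures. Taking the C language as the main object of study, it identifies, simplifies and performs boundary analysis on the loop structures in C programs, among other operations, to achieve precise detection of buffer overflow vulnerabilities caused by loop structures in C programs.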

3.
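To write safer C programs and improve the security of existing C programs, the vulnerable functions in the C library that are susceptible to buffer overflow attacks are analyzed, covering the characteristics they exhibit when a buffer overflow may occur and how to avoid buffer overflows. A buffer overflow detection tool is implemented that can detect buffer overflow vulnerabilities in C object programs fairly accurately, and the analysis results are of practical value.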

4.
Research on a Precise Detection Method for Buffer Overflow Vulnerabilities   Cited by: 2 (self-citations: 1, citations by others: 1)
王雷  李吉  李博洋 《电子学报》2008,36(11):2200-2204
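Buffer overflow vulnerabilities are one of the serious problems affecting system security. This paper proposes a method that uses model checking to precisely detect potential buffer overflow vulnerabilities in code. Through static analysis, the method first converts the detection of a buffer vulnerability into deciding the reachability of a certain location in the program, and then uses model checking to verify reachability. Based on GCC and Blast, we used this method to build a prototype system for precise detection of buffer overflow vulnerabilities. Finally, the prototype system was used to check three real applications, wu-ftpd, minicom and CoreHTTP; the results not only detected known vulnerabilities but also revealed some new ones.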

5.
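Buffer overflow is a very common and very dangerous vulnerability that exists widely in operating systems and application software. Buffer overflow vulnerabilities have now become a serious security threat to software. After an overflow, an attacker can usually obtain the highest privileges on the target host and then launch all kinds of attacks against it. This paper analyzes the concept and principles of buffer overflow vulnerabilities, and analyzes and studies from several aspects several currently common methods for detecting them. Finally, it describes future research hotspots for buffer overflows.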

6.
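For the buffer overflows that occur during embedded operating system software development, a buffer overflow detection method based on boundary detection is proposed. The theoretical basis of the method is given, and the experimental steps and procedure are described. The method allocates a contiguous memory region for the data buffer to be checked and a check variable, detects directly whether the buffer has overflowed by whether the check variable has changed, and carries out the corresponding alarm and remedial measures.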

7.
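A New Method for Preventing Buffer Overflow Attacks   Cited by: 2 (self-citations: 2, citations by others: 0)
The principles of buffer overflow attacks are introduced, the three structures of buffers are analyzed, and existing detection methods are briefly summarized. A new, simple and easily implemented method for defending against buffer overflow attacks is proposed.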

8.
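NIDS Detection Techniques Against Shellcode Transformation Evasion   Cited by: 3 (self-citations: 0, citations by others: 3)
Buffer overflow attacks remain one of the most common and effective forms of attack on networks today, seen both in manual attacks by malicious attackers and in the self-propagating attacks of viruses and worms. With the development of NIDS, ordinary buffer overflow attacks can be detected by shellcode-matching techniques. However, the emergence of shellcode transformation techniques has given buffer overflow attacks the ability to evade NIDS detection. Building on traditional NIDS detection techniques, the paper studies the various means of shellcode transformation in detail, proposes targeted detection techniques, and looks ahead to future directions.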

9.
刘飞  魏强  吴灏 《通信学报》2005,26(B01):116-120
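Buffer overflows are classified and the conditions required for a buffer overflow are analyzed. Then, addressing the problem of locating buffer boundaries at run time and combining execution path analysis, an architecture for discovering buffer overflow vulnerabilities based on object code is proposed. Finally, some methods for curbing attacks that exploit buffer overflow vulnerabilities are given.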

10.
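The concept of buffer overflow is first explained; starting from the view that programming languages themselves have flaws and are not robust enough, the principles of buffer overflow are described in detail and the types of buffer overflow attack are summarized. Finally, in light of those attack types, preventive measures against buffer overflow attacks are proposed from the two perspectives of system administration and software development.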

11.
Integer overflow vulnerability will cause buffer overflow. The research on the relationship between them will help us to detect integer overflow vulnerability. We present a dynamic analysis method, RICB (Run-time Integer Checking via Buffer overflow). Our approach includes decompiling the executable file to assembly language; debugging the executable file with step into and step out; locating the overflow points; and checking buffer overflow caused by integer overflow. We have implemented our approach in three buffer overflow types: format string overflow, stack overflow and heap overflow. Experimental results show that our approach is effective and efficient. We have detected more than 5 known integer overflow vulnerabilities via buffer overflow.

12.
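Analysis and Exploitation of Buffer Overflows on Linux   Cited by: 1 (self-citations: 0, citations by others: 1)
Buffer overflow attacks are currently one of the attack techniques most used by hackers on the Internet. Focusing on the Linux platform, the paper starts from the Linux memory management mechanism, explains how function calls work on Linux, analyzes the causes of buffer overflows and sets out the whole process by which a buffer overflow arises, and uses concrete examples to illustrate how buffer overflows are exploited.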

13.
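Preventing Buffer Overflows in Program Coding   Cited by: 1 (self-citations: 0, citations by others: 1)
Buffer overflow attacks are among the more common and more damaging of the various network attack methods. The article analyzes the principles of buffer attacks, analyzes from a programming perspective the latent flaws that cause buffer overflows, and finally proposes methods for defending against buffer overflows while writing programs.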

14.
1 Buffer Overflow Detection Technology. Buffer overflow detection approaches can be divided into two categories: static approaches and dynamic approaches [1, 7~9]. Both dynamic approaches, such as StackGuard [2], StackShield [3], and Ref. [6], and static approaches, such as ITS4 [4], Rats [5], and Refs. [14~15], have their own disadvantages and limitations. Dynamic approaches increase the system operation spending, and could become a service rejected attack easily. This paper presents an approach to…

15.
Interrupted service, which may occur in fading radio channels, in low-priority channels which can be preempted or in systems with failures may make severe demands on buffer size if overflow is to be avoided. This paper analyzes a buffer with a Markov-interrupted timeslotted server, generalizing earlier work on independent random interruptions. An equivalent service distribution is defined for use in an approximate M/G/1 model, which in turn gives buffer probabilities and overflow probabilities. For very small overflow probabilities, the necessary buffer size is found from a further analytic approximation to the tail of the buffer size distribution. The accuracy of the two approximations together is good, shown by an example of a fading radio channel.

16.
Two novel expert dynamic buffer tuners/controllers, namely, the neural network controller (NNC) and the fuzzy logic controller (FLC) are proposed in this paper. They use soft computing techniques to eliminate buffer overflow at the user/server level. As a result they help shorten the end-to-end service roundtrip time (RTT) of the logical Internet transmission control protocol (TCP) channels. The tuners achieve their goal by maintaining the given safety margin $\Delta$ around the reference point of the $\{0,\Delta\}^2$ objective function. Overflow prevention at the Internet system level, which includes the logical channels and their underlying activities, cannot shorten the service RTT alone. In reality, unpredictable incoming request rates and/or traffic patterns could still cause user-level overflow. The client/server interaction over a logical channel is usually an asymmetric rendezvous, with one server serving many clients. A sudden influx of simultaneous requests from these clients easily inundates the server's buffer, causing overflow. If this occurs only after the system has employed expensive throttling and overflow management resources, the delayed overflow rectification could lead to serious consequences. Therefore, it makes sense to deploy an independent user-level overflow control mechanism to complement the preventative effort by the system. Together they form a unified solution to effectively stifle channel buffer overflow.

17.
This article presents a very simple model based on gamma functions for MPEG1 and MPEG2 VBR digital video. This model is a simplification of the model of Frey et al. It captures first grade statistics and the cyclicity of the autocorrelation function. Buffer overflow losses with the proposed model are of the same magnitude as the buffer overflow losses of the original video clips. We have found three zones in the buffer overflow losses under certain conditions. Zone number two is of special interest because the identified losses are produced by extraordinarily large frames.

18.
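CPU Hardware-Based Techniques for Preventing Buffer Overflow Attacks   Cited by: 2 (self-citations: 0, citations by others: 2)
Software-based protection can no longer meet the security needs of modern users, and hardware-based security technology has become an important new security topic. The article analyzes the causes, harm and attack mechanism of buffer overflows, and describes the principle and concrete implementation of NX (No eXecute bit) technology, by which CPU hardware guards against buffer overflow attacks. The technical route described is beneficial to the research and development of domestically produced CPUs.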
