缓冲区溢出攻击的防范策略

首先解释了缓冲区溢出的概念，从程序语言本身存在缺陷，不够健壮的角度出发．对缓冲区溢出的原理进行了详细的阐述；再次，结合缓冲区溢出攻击的类型，从系统管理和软件开发两个角度提出了缓冲区溢出攻击的防范策略。     

基于CPU硬件的缓冲区溢出攻击的防范技术

基于软件的防护功能已经难以满足现代用户的安全需要，基于硬件的安全技术成为新的重大安全课题。文章分析了缓冲区溢出的原因、危害及溢出攻击机理，阐述了CPU硬件防范缓冲区溢出攻击的NX（No eXecutebit）技术原理及其具体实现。所述技术路线有益于国产CPU的研发。     

缓冲区溢出攻击的分析及防范措施

首先解释缓冲区溢出的概念,从程序语言本身存在缺陷,不够健壮的角度出发,对缓冲区溢出的原理进行了详细的阐述,并总结出缓冲区溢出攻击的类型;最后,结合缓冲区溢出攻击的类型,从系统管理和软件开发两个角度提出缓冲区溢出攻击的防范措施.     

网络安全与缓冲区溢出攻击

针对当前网络系统应用中存在的安全问题,文章分析了安全问题产生的根源,介绍了计算机信息系统的安全级别,提出了缓冲区溢出攻击的防护方法。根据分析P2DR网络安全理论模型,结合实际经验,提出了网络安全的防护措施。     

关于"Windows图元缓冲区溢出漏洞"的分析

利用"Windows图元缓冲区溢出漏洞"的入侵系统的".wmf"文件有别与传统的".exe"文件,这是其最大的危害性.攻击代码隐藏在图形文件编码内部,用户认为自己打开的只是图形文件,对攻击文件容易掉以轻心.这里将详细介绍该漏洞的攻击原理和防范手段.     

嵌入式系统抗缓冲区溢出攻击的硬件防御机制研究

嵌入式系统设计时由于成本和功耗等方面的考虑而较少重视安全性,而一般采用的软件防御方式无法满足嵌入式系统在实时性和可靠性上的要求,缓冲区溢出作为最常见的软件安全漏洞对嵌入式系统安全构成严重威胁.文中构建了一种基于细粒度指令流监控(FIFM)的硬件防御机制,通过虚拟执行单元虚拟执行程序,在攻击发生之前检测攻击行为.实验结果表明FIFM能很好的防御典型的缓冲区溢出攻击,而且FIFM不需要修改程序,不破坏流水线完整性,对系统的性能影响小,本文的防护机制可以应用于其他嵌入式系统设计中以动态防御缓冲区溢出攻击.     

基于Windows缓冲区溢出漏洞的植入型木马研究

文中首先讨论了缓冲区溢出及其攻击的原理并说明了三种攻击方法,而后讨论了基于缓冲区溢出漏洞的植入型木马设计的关键技术与实现思想,最后采用攻击树方法对其进行了简单的形式化分析,说明了植入式术马的可行性。     

Windows平台下的缓冲区溢出漏洞分析

就windows平台下利用缓冲区溢出漏洞发起攻击时遇到的几个技术问题提出了一些想法和解决思路，这些问题包括：子函数返回时原缓冲区释放导致攻击代码shellcode无效问题；shellcode中跳转指令地址问题；shellcode所使用函数问题。     

Linux下缓冲区溢出的分析与利用

缓冲区溢出漏洞攻击是目前互联网上黑客使用最多的攻击手段之一。论文针对Linux平台,从Linux系统内存管理机制人手,解释了Linux系统下函数调用的方法,分析了缓冲区溢出产生的原因并阐明了缓冲区溢出产生的整个过程,通过具体实例,说明了缓冲区溢出的利用方法。     

在程序编码中防止缓冲区溢出

缓冲区溢出攻击是各种网络攻击方法中较普遍且危害较严重的一种，文章分析了缓冲区攻击的原理，并从编程角度分析了造成缓冲区溢出的潜在漏洞，最后提出了在程序编写过程中防御缓冲区溢出的方法。     

视频点播中机顶盒缓冲器的空闲与溢出分析

介绍了视频点播概念和机顶盒的作用，详细分析了机顶盒缓冲器发生空闲或溢出时的信道传输带宽要求，并得出一些重要结论。     

On the estimation of buffer overflow probabilities frommeasurements

We propose estimators of the buffer overflow probability in queues fed by a Markov-modulated input process and serviced by an autocorrelated service process. These estimators are based on large-deviations asymptotics for the overflow probability. We demonstrate that the proposed estimators are less likely to underestimate the overflow probability than the estimator obtained by certainty equivalence. As such, they are appropriate in situations where the overflow probability is associated with quality of service (QoS) and we need to provide firm QoS guarantees. We also show that as the number of observations increases to infinity the proposed estimators converge with probability one to the appropriate target, and thus, do not lead to underutilization of the system in this limit     

A bi-channel voltage regulator protecting smart cards against power analysis attacks

The bi-channel voltage regulator proposed in this paper has been specifically developed for smart cards. Its purpose is to protect the supplied system against power analysis attacks. It generates the internal power supply voltage from the external power supply voltage provided by card readers, while ensuring the uncorrelation between the external power supply current and the internal power supply current. The power supply current of an electronic system can be decomposed into a DC component, which contains little information, and an AC component, which handles considerably more. In order to reach a good compromise between regulation and security, while respecting the smart card stringent technological constraints, these two components are treated separately by a bi-channel power structure. The presented implementation has been simulated from the process parameters of a STMicroelectronics 0.18 \upmum0.18\,\upmu\hbox{m} CMOS technology. It provides a 1.8 V output voltage from a 2 to 5.5 V input voltage range. The structure has been sized to handle a 25 mA DC current while hiding a 20 MHz AC current presenting 75 mA peaks. Its estimated area is approximatively 0.8 mm²0.8\,\hbox{mm}^2.     

Importance sampling for the estimation of buffer overflow probabilities via trace-driven simulations

We develop an importance sampling technique that can be used to speed up the simulation of a model of a buffered communication multiplexer fed by a large number of independent sources. The sources generate traffic according to a periodic function with a random phase. This traffic model accommodates a wide range of situations of practical interest, including ON-OFF periodic traffic models and sequences of bit rates generated by actual variable bit rate sources, such as MPEG video compressors. The simulation seeks to obtain estimates for the buffer overflow probability that in most cases of interest is very small. We use a large deviations result to devise the change of measure used in the importance sampling technique and demonstrate through numerical results that this change of measure leads to a dramatic reduction in the required simulation time over direct Monte Carlo simulation. Possible practical applications include short-term network resource planning and even real-time call admission control.     

Packet loss performance due to buffer overflow at transmitter side of wireless link

The exact packet loss due to buffer overflow at the transmitter side of the wireless link is derived and a closed-form approximation for the corresponding wireless effective bandwidth is obtained. This discrete fluid flow analysis (FFA) is compared with existing continuous FFA and simulation analysis. Results show that packet loss performance by the discrete FFA is more accurate than that by the continuous FFA.     

Generalization of Huffman coding to minimize the probability of buffer overflow (Corresp.)

An algorithm is given to find a prefix condition code that minimizes the value of the moment generating function of the codeword length distribution for a given positive argument. This algorithm is used in an iterative way to yield a code that maximizes the rate of decay of the probability of buffer overflow as the buffer length increases.     

MIMO体制雷达原理及关键技术分析

在对MIMO雷达的基本原理进行概述的基础上,重点分析了MIMO雷达设计时所涉及的主要关键技术,对关键技术实现的途径及常用方法进行了讨论和分析,最后提出了还需进一步研究的方向和主要内容。