关于传统空间缓冲区生成算法的分析

本文通过对各类空间缓冲区生成的算法思想及算法实现进行分析与比较,给出了避免在缓冲区生成结果的过程中出现的失真与尖角等问题的最适合的解决方法。     

Goal-oriented dynamic test generation

ContextMemory safety errors such as buffer overflow vulnerabilities are one of the most serious classes of security threats. Detecting and removing such security errors are important tasks of software testing for improving the quality and reliability of software in practice.ObjectiveThis paper presents a goal-oriented testing approach for effectively and efficiently exploring security vulnerability errors. A goal is a potential safety violation and the testing approach is to automatically generate test inputs to uncover the violation.MethodWe use type inference analysis to diagnose potential safety violations and dynamic symbolic execution to perform test input generation. A major challenge facing dynamic symbolic execution in such application is the combinatorial explosion of the path space. To address this fundamental scalability issue, we employ data dependence analysis to identify a root cause leading to the execution of the goal and propose a path exploration algorithm to guide dynamic symbolic execution for effectively discovering the goal.ResultsTo evaluate the effectiveness of our proposed approach, we conducted experiments against 23 buffer overflow vulnerabilities. We observed a significant improvement of our proposed algorithm over two widely adopted search algorithms. Specifically, our algorithm discovered security vulnerability errors within a matter of a few seconds, whereas the two baseline algorithms failed even after 30 min of testing on a number of test subjects.ConclusionThe experimental results highlight the potential of utilizing data dependence analysis to address the combinatorial path space explosion issue faced by dynamic symbolic execution for effective security testing.     

缓冲区溢出脆弱性检测和预防技术综述

利用缓冲区溢出脆弱性进行攻击,是网络攻击中最常见和最危险的攻击方法。为解决缓冲区溢出脆弱性问题,在研究和商业领域提出了各种各样的方案。本文首先将缓冲区溢出脆弱性检测和预防技术划分成9大类;然后研究了每一类技术的原理、特性、适用范围和优缺点等;最后分析讨论了整个缓冲区溢出脆弱性检测和预防技术。     

Predictive buffer control in delivering remotely stored video using proxy servers

We study the problem of using proxy servers to stream video stored at a geographically separate location. The separation of the server and the storage introduces a non-negligible delay in retrieving video frames in real time. We assume an additive-increase/multiplicative-decrease transport protocol to support the streaming process and develop an effective scheme to achieve consistent, high streaming quality. The heart of the scheme is the control of buffer occupancy at the proxy server. We model the buffer as a bilinear dynamical system disturbed by a point process with stochastic state-dependent intensity. We first develop a buffer controller that does not exploit this model. Then, using the buffer model, we construct a second controller based on an optimal-control analysis for the case without retrieval delay. Extending these two controllers, we subsequently synthesize two controllers based on prediction of future system states using the model, taking into account both the delay and the state-dependent disturbance intensity. Our empirical study illustrates the effectiveness of the streaming scheme. We further find that the controllers exploiting the buffer model demonstrate performance significantly superior to that of the model-free controller in overcoming the adverse impact of the retrieval delay. We also conduct limited experiments to study the impact of variable retrieval delays.     

基于缓冲溢出漏洞的攻击及其预防研究综述

近十几年来,由操作系统缓冲区溢出漏洞导致的攻击带来了严重的网络安全问题,它的安全危害级别相当高。如何有效地消除基于缓冲区溢出的攻击,可以消除一个相当普遍的安全隐患。本文针对缓冲区溢出漏洞的基本原理,系统分析了攻击过程,比较了不同的防御手段及其优缺点。最后介绍了综合利用现有的方法防止该攻击的发生。     

嵌入式系统缓冲区溢出攻击防范技术研究

针对嵌入式系统在缓冲区溢出攻击下的脆弱性问题,对开源嵌入式操作系统μC/OS-Ⅱ的内存管理机制进行分析,提出了一种基于块表的内存保护方案。该方案将属于同一任务的内存块归纳到一个域内,并建立块表进行管理,实现了任务地址间的隔离;通过对内存块的访问进行越界检查和访问控制,有效地防范了针对嵌入式系统的缓冲区溢出攻击。最后,对该方案进行了有效性分析并在Nios Ⅱ平台上进行了实验测试,结果表明所提方法可行。     

解析PowerBuilder的数据处理机制

数据窗口对象是专门为了访问后台的数据库服务的,在数据窗口对象中定义数据的来源和数据的显示风格.数据窗口根据所需的显示风格将数据源表设计好.在运行时将所要的数据从数据库服务器上下栽到客户机上处理,更改后的数据进行提交或回滚.     

剖析缓冲区溢出攻击

本文从程序设计语言的特征、程序编写、数据结构以及程序执行控制等多个角度对缓冲区溢出漏洞攻击的原理进行深入剖析,最后提出了遏制利用缓冲区溢出漏洞进行攻击的一些措施。     

Non-vacuum laser deposition of buffer layers for coated conductors

A pulsed TEA-CO₂ laser in combination with the dynamic fluidized bed powder feeder was employed to deposit a thin CeO₂ buffer layer on the polycrystalline Ni-substrate in a non-vacuum environment. Use of the 30° powder jet inclination with respect to the laser beam axis along with the nano size precursor powder deposited a smooth layer on the entire surface of the substrate. Both EDS and X-ray diffractometry analyses were employed to confirm the stoichiometric nature of the deposited CeO₂ buffer layer.     

Linux 缓冲区溢出攻击检测与防范技术

缓冲区溢出攻击已成为黑客进行系统攻击的主要手段之一，简要分析了该攻击的基本原理，提出了使用安全的C函数库和控制内核的系统调用两种检测防范策略，并通过与其它技术的比较评价了其特点。