| Protecting Against Address Space Layout Randomisation (ASLR) Compromises and Return-to-Libc Attacks Using Network Intrusion Detection Systems |
| |
| 引用本文: | David J Day,Zheng-Xu Zhao. Protecting Against Address Space Layout Randomisation (ASLR) Compromises and Return-to-Libc Attacks Using Network Intrusion Detection Systems[J]. 国际自动化与计算杂志, 2011, 8(4): 472-483. DOI: 10.1007/s11633-011-0606-0 |
| |
| 作者姓名: | David J Day Zheng-Xu Zhao |
| |
| 作者单位: | [1]School of Computing and Mathematics, University of Derby, Derby, UK [2]Faculty of Information Science and Technology, Shijiazhuang Tiedao University, Shijiazhuang, PRC |
| |
| 基金项目: | supported by National Natural Science Foundation of China (No. 60873208) |
| |
| 摘 要: |
|
| 关 键 词: | 网络入侵检测系统 空间布局 随机化 攻击 地址 返回 缓冲区溢出漏洞 妥协 |
Protecting against address space layout randomisation (ASLR) compromises and return-to-libc attacks using network intrusion detection systems |
| |
| David J. Day,Zheng-Xu Zhao. Protecting against address space layout randomisation (ASLR) compromises and return-to-libc attacks using network intrusion detection systems[J]. International Journal of Automation and computing, 2011, 8(4): 472-483. DOI: 10.1007/s11633-011-0606-0 |
| |
| Authors: | David J. Day Zheng-Xu Zhao |
| |
| Affiliation: | 1. School of Computing and Mathematics, University of Derby, Derby, UK
2. Faculty of Information Science and Technology, Shijiazhuang Tiedao University, Shijiazhuang, PRC
|
| |
| Abstract: | Writable XOR executable (W⊕X) and address space layout randomisation (ASLR) have elevated the understanding necessary to perpetrate buffer overflow exploits[1]. However, they have not proved to be a panacea[1–3], and so other mechanisms, such as stack guards and prelinking, have been introduced. In this paper, we show that host-based protection still does not offer a complete solution. To demonstrate the protection inadequacies, we perform an over the network brute force return-to-libc attack against a preforking concurrent server to gain remote access to a shell. The attack defeats host protection including W⊕X and ASLR. We then demonstrate that deploying a network intrusion detection systems (NIDS) with appropriate signatures can detect this attack efficiently. |
| |
| Keywords: | Buffer overflow stack overflow intrusion detection systems (IDS) signature rules return-to-libc attack pre-forking. |
| 本文献已被 维普 SpringerLink 等数据库收录! |
| 点击此处可从《国际自动化与计算杂志》浏览原始摘要信息 |
|
点击此处可从《国际自动化与计算杂志》下载全文 |
