| 基于备份控制流信息的缓冲区溢出监测技术 |
| |
| 引用本文: | 谢汶兵,马晓东,李中升,牛夏牧.基于备份控制流信息的缓冲区溢出监测技术[J].计算机工程与应用,2016,52(11):101-107. |
| |
| 作者姓名: | 谢汶兵 马晓东 李中升 牛夏牧 |
| |
| 作者单位: | 1.江南计算技术研究所,江苏 无锡 214083
2.哈尔滨工业大学 深圳研究生院,广东 深圳 518000 |
| |
| 摘 要: | C/C++在提供灵活的使用方式和高效目标码的同时,由于缺少边界检查机制,缓冲区溢出成为C/C++程序面临的一种严重的攻击威胁。给出了一种缓冲区溢出攻击的动态防护方法。使用在库中声明的数组来备份函数的控制流信息,包括返回地址和栈帧指针,来动态监测非法的篡改行为。该方法可以对缓冲区溢出攻击中的直接攻击和间接攻击均有效防护。通过RIPE基准平台和两道实际应用的测试以及理论比较表明该方法的有效性。
|
| 关 键 词: | 缓冲区溢出 控制流备份 返回地址 帧指针 动态监测 RIPE |
Detection of buffer overflow by duplication of control flow data |
| |
| XIE Wenbing,MA Xiaodong,LI Zhongsheng,NIU Xiamu.Detection of buffer overflow by duplication of control flow data[J].Computer Engineering and Applications,2016,52(11):101-107. |
| |
| Authors: | XIE Wenbing MA Xiaodong LI Zhongsheng NIU Xiamu |
| |
| Affiliation: | 1.Jiangnan Institute of Computing Technology, Wuxi, Jiangsu 214083, China
2.Shenzhen Graduate School, Harbin Institute of Technology, Shenzhen, Guangdong 518000, China |
| |
| Abstract: | Due to the lack of boundary checking mechanism, buffer overflow is one of the most serious attacks against C/C++ programs. This paper presents a runtime countermeasure for buffer overflow attack. Through duplicating the control flow information with array which declared in the dynamic link libraries, including the return address and the frame pointer of each function, illegal overwriting can be detected dynamically. This method can both detect direct and indirect attack in the buffer overflow attack. Experiments based on the RIPE testbed and two practical tests as well as theoretical analysis show the effectiveness of this method. |
| |
| Keywords: | buffer overflow control flow duplication return address frame pointer runtime monitor RIPE |
|
| 点击此处可从《计算机工程与应用》浏览原始摘要信息 |
|
点击此处可从《计算机工程与应用》下载全文 |
