| 嵌入式系统缓冲区溢出攻击防范技术研究 |
| |
| 引用本文: | 王柳滨,魏国珩,李政.嵌入式系统缓冲区溢出攻击防范技术研究[J].计算机应用,2012,32(12):3449-3452. |
| |
| 作者姓名: | 王柳滨 魏国珩 李政 |
| |
| 作者单位: | 1. 海军工程大学 信息安全系,武汉 4300332. 海军工程大学 电子工程学院,武汉 430033 |
| |
| 基金项目: | 中国博士后特别基金资助项目(201003757) |
| |
| 摘 要: | 针对嵌入式系统在缓冲区溢出攻击下的脆弱性问题,对开源嵌入式操作系统μC/OS-Ⅱ的内存管理机制进行分析,提出了一种基于块表的内存保护方案。该方案将属于同一任务的内存块归纳到一个域内,并建立块表进行管理,实现了任务地址间的隔离;通过对内存块的访问进行越界检查和访问控制,有效地防范了针对嵌入式系统的缓冲区溢出攻击。最后,对该方案进行了有效性分析并在Nios Ⅱ平台上进行了实验测试,结果表明所提方法可行。
|
| 关 键 词: | 嵌入式系统 缓冲区溢出攻击 任务隔离 访问控制 uC/OS-II |
| 收稿时间: | 2012-06-15 |
| 修稿时间: | 2012-08-05 |
Research of defense scheme against buffer overflow attack in embedded system |
| |
| WANG Liu-bin,WEI Guo-heng,LI Zheng.Research of defense scheme against buffer overflow attack in embedded system[J].journal of Computer Applications,2012,32(12):3449-3452. |
| |
| Authors: | WANG Liu-bin WEI Guo-heng LI Zheng |
| |
| Affiliation: | Department of Information Security, Naval University of Engineering, Wuhan Hubei 430033, China |
| |
| Abstract: | Embedded system is vulnerable to buffer overflow attack. In order to solve this problem, a block based protection scheme was proposed after analyzing the memory management of μC/OS-Ⅱ. By making a combination of all the memory blocks which belong to one task and managing it through the established block_table, the introduced scheme protected the safety through creating isolation between task memories, checking and controlling the access of memory blocks. Then, an effective analysis about this scheme was given. In addition, a buffer overflow attack experiment was operated on Nios Ⅱ with the improved uC/OS-Ⅱ, and the results show that the proposed scheme is feasible. |
| |
| Keywords: | Embedded System Buffer overflow attack Task Isolation Access Control uC/OS-II |
| 本文献已被 CNKI 等数据库收录! |
| 点击此处可从《计算机应用》浏览原始摘要信息 |
|
点击此处可从《计算机应用》下载全文 |
