
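A Buffer Overflow Defense Method Based on Control-Flow Data Protection
Cite this article: ZHANG Lantu, WANG Ying. A buffer overflow defense method based on control-flow data protection [J]. Computer Engineering and Applications, 2012, 48(15): 63-69, 87.
Authors: ZHANG Lantu, WANG Ying
Affiliation: 709th Research Institute, China Shipbuilding Industry Corporation, Wuhan 430074
Abstract: Starting from the basic principle of stack buffer overflow, this paper introduces three basic patterns of buffer overflow attack and analyzes the strengths and weaknesses of existing dynamic defense methods. On this basis, it proposes a dynamic stack buffer overflow defense method based on protecting control-flow-related data, and introduces an encryption mechanism that effectively defends against attacker tampering with the protected data. A binary-file reconstruction tool that operates on object files is designed and implemented. Theoretical analysis and experiments show that the method can, with very high probability, defend against a variety of buffer overflow attacks.

Keywords: software vulnerability; stack buffer overflow; dynamic defense; control-flow data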

Dynamic stack buffer overflow prevention based on protection of control-flow data
ZHANG Lantu, WANG Ying. Dynamic stack buffer overflow prevention based on protection of control-flow data [J]. Computer Engineering and Applications, 2012, 48(15): 63-69, 87.
Authors: ZHANG Lantu, WANG Ying
Affiliation: 709th Research Institute, China Shipbuilding Industry Corporation, Wuhan 430074, China
Abstract: The basic attack patterns of stack buffer overflow are introduced based on the principles of stack buffer overflow. A new dynamic stack buffer overflow prevention method based on protection of control-flow related data is proposed due to the weakness of the existing dynamic buffer overflow prevention methods. At the same time, two encryption algorithms are introduced to protect the control-flow related data. The new method is proved to be able to defend multiple patterns of attacks with an acceptable performance tradeoff. At the same time, an object file reconstructing tool for binary is implemented using this new method. Experimental results of both the penetration resistance and the performance impact of the proposed method are presented.
Keywords: software vulnerability; stack buffer overflow; dynamic prevention; control-flow data
This article is indexed in CNKI, VIP, Wanfang Data and other databases.