摘要
当前栈溢出攻击依然是最流行的计算机系统攻击手段之一。文章为Windows操作系统提供了一个工作在装配时刻的防御栈溢出攻击的解决方案,它运用栈溢出攻击检测机制来改写给定的可执行文件,不需要源代码支持。文章建立了一个原型来实现所提出的技术,经过验证,它可以成功的防御现实中使用的攻击代码。接着把该原型扩展到DLL、多线程应用程序和多线程应用程序使用的DLL。测试证明,改写过的可执行文件的运行性能下降不超过8%。
Stack smashing is still one of the most popular techniques for computer system attack. An anti-stack-smashing defense technique for Microsoft Windows systems is presented in this paper. This technique, which consists of instrumenting a given executable with a mechanism to detect stack smashing attacks, works at install-time and does not rely on having access to the source-code. This paper developed a prototype implementing this approach and verified that it successfully defends against actual exploit code, then extended this prototype to vaccinate DLLs, multithreaded applications, and DLLs used by multithreaded applications. Meanwhile, vaccinated executables were no more than 8 percent slower than their unvaccinated originals.
出处
《微电子学与计算机》
CSCD
北大核心
2006年第z1期187-189,共3页
Microelectronics & Computer
基金
国家"863"基金项目(2003AA146010)
河南省科技攻关计划项目(SP200402089)
