期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

缓冲区溢出攻击模式及其防御的研究 被引量:2

On the Buffer Overflow Attack Mode and Countermeasures
下载PDF
导出
摘要 借助统一建模语言,概括近十年来利用缓冲区溢出进行攻击的攻击模式,从预防、发现、抵御缓冲区溢出攻击以及攻击后的程序恢复等方面对目前有代表性的防御、检测方法和攻击恢复技术进行了归纳、分析和比较,指出这些方法和技术的弊端以及可能采取的规避手段。提出了在攻击技术不断发展的情况下,彻底、有效地解决缓冲区溢出所面临的问题,编写安全的程序是解决缓冲区溢出的关键,并对将来解决缓冲区溢出可采用的有效方法和手段进行了讨论。 A general model of buffer overflow based attacks is described by unified modeling language. The analysis and comparison of the existing representative methods and apparatuses of defense and recovery against buffer overflow attacks are presented, including analyzing their vulnerabilities and possible means to bypass them. Highlighting the state-of-art challenging issues for facing the tradeoff of security and performance efficiency, and the continuing evolution of attach techniques, it is pointed out that security programming is the key to solve buffer overflow problems. Finally, some technical trends are given.
作者 程红蓉 秦志光 万明成 邓蔚
机构地区 电子科技大学计算机科学与工程学院
出处 《电子科技大学学报》 EI CAS CSCD 北大核心 2007年第6期1187-1191,共5页 Journal of University of Electronic Science and Technology of China
关键词 攻击模式 缓冲区溢出 防御方法 统一建模语言 安全编程 attack model buffer overflow countermeasures unified modeling language security programming
分类号 TP311 [自动化与计算机技术—计算机软件与理论]
  • 相关文献

参考文献34

  • 1Aleph One. Smashing the stack for fun and profit[EB/OL]. http://www.insecure.org/stf/smashstack.html, 1996-11-19.
  • 2LHEE K, CHAPIN S J. Buffer overflow and format string overflow vulnerabilities[J]. Software Practice and Experience, 2003, 33: 423-460.
  • 3SPAFFORD E H. The intemet worm program: analysis[R]. Purdue University: Technical report CSD-TR-823, 1988.
  • 4PINCUS J, BAKER B. Beyond stack smashing: recent advances in exploiting buffer overruns[J]. IEEE Security and Privacy, 2004, 2(4): 20-27.
  • 5DEAN D, FELTEN E E, WALLACH D S. Java security: from HotJava to netscape and beyond[C]//In Proceedings of the IEEE Symposium on Security and Privacy. Washington D.C., USA: IEEE Computer Society, 1996:125-130.
  • 6JONES R W M, KELLY P H J. Backwards-compatible bounds checking for arrays and pointers in c programs[C]//In Proceedings of the third International Workshop on Automatic Debugging. Sweden: Linkoping University Electronic Press, 1997: 12-26.
  • 7JIM T, MORRISETT G, GROSSMAN D, et al. Cyclone: a safe dialect of c[C]//In Proceedings of USENIX Annual Technical Conference. Monterey: USENIX Press, 2002: 275-288.
  • 8VIEGA J, BLOCH J T, KOHNO T, et al. ITS4: a static vulnerability scanner for C and C++ code[C]//In Proceedings of the 16th Annual Computer Security. Applications Conference. Washington D.C., USA: IEEE Computer Society, 2000: 159-164.
  • 9WAGNER D, FOSTER J S, BREWER E A, et al. A first step towards automated detection of buffer overrun vulnerabili-ties[C]//In Proceedings of the seventh Network and Distributed System Security Symposium. San Diego: Internet Society Press, 2000: 122-127.
  • 10GANAPATHY V, JHA S, CHANDLER D, et al. Buffer overrun detection using linear programming and static analysis[C]//In Proceedings of the ACM Conference on Computer and Communication Security. New York, USA: ACM Press 2003: 345-354.

同被引文献8

引证文献2

二级引证文献2

电子科技大学学报
2007年 第6期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部