Linux缓冲区溢出攻击原理分析及防范被引量：2

Analysis and Defence of Buffer Overflow Attacks on Linux

下载PDF

导出

摘要利用缓冲区溢出和suid程序进行攻击来获得远程系统的root权限已经成为黑客攻击的常用方法。文中对Linux操作系统中针对缓冲区溢出进行攻击的原理进行分析 ,并在此基础上提出防范此种攻击的策略。

作者姚建东秦军古志民

机构地区北京理工大学计算机系

出处《计算机应用》 CSCD 北大核心 2002年第7期125-127,共3页 journal of Computer Applications

基金国家留学基金 (2 1 30 7D0 5) 北京理工大学校人才引进科研启动基金 (DD961 9- 1 )

关键词缓冲区溢出堆栈 EBP libasfe

参考文献3

1[1]Arash Baratloo, Timothy Tsai, and Navjot Singh． Libsafe: Protecting Critical Element of Stacks．White Paper[M]．December 25, 1999.
2[2]Aleph One．Smashing The Stack For Fun And Profit[EB/OL]．BBS水木清华站,Oct 1997.
3[3]Matt Conover (a.k.a. Shok) & w00w00 Security．w00w00 on heap Overflows[EB/OL]．http://www.w00w00.org/files/articles/heaptut.txt,January 1999.

1[1]Detecting insider threats by monitoring system call activity,Nam Nguyen and Peter Reiher,Poceedings of the 2003 IEEE,Workshop on Information Assurance.
2[4]Paul Thurrott.64 位版本Windows Vista独有的安全特性[DB/OL].http://www.winitpro.com.cn/html/2006/09/20060906152744-1.shtml
3[5]CrispinCowan,SteveBeattie,RyanFinninDay,etal.Protecting Systems from Stack Smashing Attacks with Stack-Guard[DB/OL].http://www.cse.ogi.edu/DISC/oroiects/immunix.2001205.
4http://www-900.ibm.com/developerWorks/cn/security/overflow/index .shtml,2003-12.
5Arash Baratloo, Timothy Tsai, Navjot Singh. Libsafe: Protecting Critical Element of Stacks[Z]. White Paper, 1999.
6Dreamtech Software Team. Programming for Embedded Systems[M]. Wiley Pub lishing Inc, 2002.
7Aleph One.Smashing the Stack for Fun and Profit[EB/OL]. http://www.cs. ucsb.edu/～jzhou/security/overflow.html,2002-10.
8Matt Conover (a.k.a. Shok), w00w00 Security Team. w00w00 on Heap Overflo ws[EB/OL]. http://www.w00w00.org/files/articles/heaptut.txt, 1999-01.
9Cowan, Wagle, C Pu, et al. Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade[A]. Proc of the DARPA Information Survivability C onf and Expo[C]. 1999.
10万春,刘丽莉.缓冲区溢出攻击手段及防范策略分析[J].集美大学学报（自然科学版）,2003,8(3):237-242. 被引量：4

计算机应用

2002年第7期

内容加载中请稍等...