摘要
Windows作为公众使用最广泛的一类操作系统,其自身的安全性成为国内外攻击者和研究者关注的焦点。文章从Windows内存管理体系入手,使用逆向工程和动态调试的手段对Windows操作系统堆地址随机化机制进行分析,设计并实现了一种随机化改进方案。研究工作主要分为两方面:一方面是通过逆向调试,深入探索Windows堆内存区域,重点探查堆地址随机化机制的实现原理和方法,并结合已知的几种攻击手法对Windows堆地址随机化机制的脆弱性进行分析和验证;另一方面是根据分析结果设计相应的解决方案,进一步增强堆区地址排布的随机性,有针对性地降低已知攻击手法的危害。文章提出的方案可以有效弥补Windows系统在堆地址随机化方面设计的不足,降低相关攻击技术的危害,提升系统整体安全性能。
As the most widely used operating system,the security of Windows has become the focus of attackers and researchers at home and abroad. This paper starts with Windows memory management system,analyzes the heap address randomization mechanism of Windows operating system by reverse engineering and dynamic debugging, and designs and implements a randomized improvement scheme. The research work is divided into two parts: One is through the reverse debugging,exploring the Windows heap memory area,exploring the realization principle and method of heap address randomization mechanism,and analyzing and verifying the vulnerabilities of Windows heap address randomization mechanism by combined with several known attack methods. On the other hand,the corresponding solution is designed according to the analysis results to further enhance the randomness of the heap address configuration, and to reduce the harms of the known attack methods. The proposed scheme can effectively compensate for the lack of Windows system in heap address randomization design,reduce the harms of related attack technology,and improve the overall security performance of the system.
出处
《信息网络安全》
CSCD
2017年第7期1-10,共10页
Netinfo Security
基金
国家自然科学基金[61170282]
