期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

Windows栈缓冲区溢出攻击原理及其防范 被引量:1

The Principle of Stack Buffer Overflow Attacks in Windows and the Prevention
下载PDF
导出
摘要 计算机网络安全漏洞和网络攻击伴随着网络的存在会随时发生,栈缓冲区溢出漏洞攻击是网络攻击中最常见的一种攻击技术。文章剖析了Windows栈工作原理,以及栈溢出漏洞攻击技术方法,针对常见的栈溢出漏洞攻击提出了几种防御措施,能预防大部分针对栈溢出漏洞的攻击。 Computer network security vulnerabilities and cyber attacks may occur at any time on the Internet,and thestack buffer overflow attack is the most common network attack technology.This paper analyzes the operating principleof the stack in Windows and the techniques of stack overflow attacks.Then,several prevention measures are proposed forcommon stack buffer overflow attacks,which can prevent most stack overflow attacks.
作者 李云飞 陈洪相 LI Yunfei;CHEN Hongxiang(Weinan Normal University ,Weinan 714099,China;Hubei Information Engineering College ,Jingmen 448000,China)
机构地区 渭南师范学院 湖北信息工程学校
出处 《软件工程》 2017年第9期30-33,共4页 Software Engineering
基金 渭南师范学院科研基金项目(16YKS001 09YKZ012)资助
关键词 网络安全 内存 安全漏洞 堆栈 缓冲区溢出 network security memory security vulnerabilities stack buffer overflow
分类号 TP309.1 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献4

二级参考文献45

  • 1刘滨,王琦,刘丽丽.嵌入式操作系统FreeRTOS的原理与实现[J].单片机与嵌入式系统应用,2005(7):8-11. 被引量:31
  • 2常铁原,刘娜,陈文军.μC/OSII内存管理技术的研究[J].计算机工程,2007,33(9):82-83. 被引量:5
  • 3Newsome J, Song D. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software [C]// Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS 2005). New York: ACM, 2005.
  • 4Schwartz E, Avgerinos T, Brumley T. All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask) [C]// Proceedings of the IEEE Symposium on Security and Privacy. Washington DC: IEEE Computer Society, 2010: 317- 331.
  • 5WANG Tielei, WEI Tao, GU Guofei, et al. TaintScope: A checksum-aware directed fuzzing tool for automatic software vulnerability detection [C]//ACM Transactions on Information and System Security (TISSEC). 2011, 14(2) : 15:1-15:28.
  • 6CUI Baojiang, WANG Fuwei, GUO Tao, et al. FlowWalker: A fast and precise off-line taint analysis framework [C]// Proceedings of the 2013 Fourth International Conference on Emerging Intelligent Data and Web Technologies. Washington DC: IEEE Computer Society, 2013: 583- 588.
  • 7Sutton M, Greene A, Amini P. Fuzzing: Brute Force Vulnerability Discovery [M]. Addison Wesley Professional, 2007.
  • 8Corelan Team. [EB/OL]. (2010-10-20). https://www. corelan, be/index, php/2010/10/20/in-memory-fuzzing/.
  • 9Luk C, Cohn R, Muth R, et al. Pin: Building customized program analysis tools with dynamic instrumentation [C]// Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation. New York: ACM, 2005: 190-200.
  • 10Oulu University Secure Programming Group. Radamsa [,EB/OL]. [2014-06- 29]. https://www, ee. oulu. fi/research/ ouspg/Radamsa.

共引文献5

同被引文献1

引证文献1

二级引证文献1

软件工程
2017年 第9期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部