Improved Algorithm for Buffer Overflow Detection Based on the Libsafe Library

Abstract: C/C++ provides many efficient string-handling library functions such as strcpy, but because they lack a corresponding boundary-checking mechanism, they carry buffer overflow vulnerabilities and threats that attackers can readily exploit. This paper discusses the existing Libsafe security library hardening mechanism and analyzes its limitation of depending on the stack frame pointer to walk back through the stack activation records. It proposes an enhancement to the Libsafe security library that walks back through function stack activation records by matching program instruction signatures: the instructions of a function body are matched one by one against a known candidate set of instructions to obtain the stack information. While tracing back the activation records, the records already recovered are stored using a hash function, with the return address as the key and separate chaining used for lookup. The feasibility and complexity of the improved Libsafe detection method are analyzed. Experiments and analysis covering sensitivity, completeness, accuracy and performance show that the mechanism is efficient and usable.
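Source: Computer Science (《计算机科学》), CSCD, Peking University Core Journal, 2015, Issue S1, pp. 382-387, 424 (7 pages)
Funding: National "863" High Technology Research and Development Program of China (2012AA010901); National Science and Technology Major Project (2013ZX01029002); Open Project of the State Key Laboratory of Computer Architecture
Keywords: Libsafe library detection; stack frame pointer; stack activation record; instruction signature; stack backtracking; hash function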