Heap overflow attack is one of the major memory corruption attacks that have become prevalent for decades. To defeat this attack,many protection methods are proposed in recent years. However,most of these existing met...Heap overflow attack is one of the major memory corruption attacks that have become prevalent for decades. To defeat this attack,many protection methods are proposed in recent years. However,most of these existing methods focus on user-level heap overflow detection. Only a few methods are proposed for kernel heap protection. Moreover,all these kernel protection methods need modifying the existing OS kernel so that they may not be adopted in practice. To address this problem,we propose a lightweight virtualization-based solution that can protect the kernel heap buffers allocated for the target kernel modules. The key idea of our approach is to combine the static binary analysis and virtualization technology to trap a memory allocation operation of the target kernel module,and then add one secure canary word to the end of the allocated buffer. After that,a monitor process is launched to check the integrity of the canaries. The evaluations show that our system can detect kernel heap overflow attacks effectively with minimal performance cost.展开更多
基金supported in part by National Natural Science Foundation of China (NSFC) under Grant No.61602035the National Key Research and Development Program of China under Grant No.2016YFB0800700+1 种基金the Opening Project of Shanghai Key Laboratory of Integrated Administration Technologies for Information SecurityOpen Found of Key Laboratory of IOT Application Technology of Universities in Yunnan Province under Grant No.2015IOT03
文摘Heap overflow attack is one of the major memory corruption attacks that have become prevalent for decades. To defeat this attack,many protection methods are proposed in recent years. However,most of these existing methods focus on user-level heap overflow detection. Only a few methods are proposed for kernel heap protection. Moreover,all these kernel protection methods need modifying the existing OS kernel so that they may not be adopted in practice. To address this problem,we propose a lightweight virtualization-based solution that can protect the kernel heap buffers allocated for the target kernel modules. The key idea of our approach is to combine the static binary analysis and virtualization technology to trap a memory allocation operation of the target kernel module,and then add one secure canary word to the end of the allocated buffer. After that,a monitor process is launched to check the integrity of the canaries. The evaluations show that our system can detect kernel heap overflow attacks effectively with minimal performance cost.
