  • Degree thesis

Detection of Buffer Overflow Attacks with QEMU Emulator

Advisor: 曾黎明

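Abstract


Buffer overflow attacks have long been a major issue in system security; many computer viruses and worms exploit this vulnerability to damage large numbers of computer systems. Although much related research has targeted this vulnerability, few of the proposed methods are in wide use, mainly because few are compatible with existing, already-built executable code. This thesis uses the QEMU emulator to emulate hardware behavior and, following SmashGuard's approach of maintaining an additional stack inside the hardware to check the consistency of return addresses, emulates that buffer overflow detection mechanism without modifying software executables. The experimental results show that problems arise from the method's assumptions about system software usage, and the causes are analyzed. To handle the fact that the operating system may also modify return addresses on the stack, this thesis proposes a level-by-level checking and alerting mechanism that, in addition to checking the consistency of the return address, also checks the validity of the return address. The experimental results show that this detection mechanism can distinguish and detect common stack-segment buffer overflow attack patterns.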

Parallel Abstract


Buffer overflow has always been a dominant issue in system security. Many computer viruses or worms exploit this vulnerability to damage computer systems. Although much research has been proposed to defend against such attacks, solutions that are actually used as a standard are rare. The main reason is that few solutions are compatible with user binary code. This paper uses the QEMU emulator to emulate hardware behavior and selects the SmashGuard mechanism to test its feasibility. The results show that it produces some problems, and the reasons are analyzed. Hence, this paper proposes a two-layer checking mechanism: in addition to checking the consistency of the return address, the validity of the return address is also checked. The results demonstrate that this mechanism can differentiate and detect typical stack-smashing attacks.

Parallel Keywords

SmashGuard attack Buffer overflow QEMU

References


[4] Jonathan Pincus and Brandon Baker, "Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns," IEEE Computer Society, 2004.
[9] Tzi-cker Chiueh and Fu-Hau Hsu, "RAD: A Compile-Time Solution to Buffer Overflow Attacks," Proc. 21st Int'l Conf. Distributed Computing Systems (ICDCS '01), pp. 409-417, Apr. 2001.
[10] Zili Shao, Chun Xue, Qingfeng Zhuge, Meikang Qiu, Bin Xiao and Edwin H.-M. Sha, "Security Protection and Checking for Embedded System Integration against Buffer Overflow Attacks via Hardware/Software," IEEE Trans. on Computers, Vol. 55, No. 4, Apr. 2006.
[11] H. Ozdoganoglu, T.N. Vijaykumar, C.E. Brodley, B.A. Kuperman and A. Jalote, "SmashGuard: A Hardware Solution to Prevent Security Attacks on the Function Return Address," IEEE Trans. on Computers, Vol. 55, No. 10, Oct. 2006.
[12] Krerk Piromsopa and Richard J. Enbody, "Secure Bit: Transparent, Hardware Buffer-Overflow Protection," IEEE Trans. Dependable and Secure Computing, Vol. 3, No. 4, Oct.-Dec. 2006.
