透過您的圖書館登入 IP:18.119.17.80
透過您的圖書館登入
IP:18.119.17.80
  • 精確檢索 : 冠狀病毒
  • 模糊檢索 : 冠狀病毒
  • 冠狀病毒感染
    冠狀病毒疾病
  • 查詢出版品: 冠狀病毒
進階查詢
查詢歷史
主題瀏覽
  • 學位論文

緩衝區溢位偵測技術

A Technique of Detecting Stack Overflow Vulnerability

林律廷(Lu-Ting Lin)
指導教授 : 林金城
大同大學/電機資訊學院/資訊工程學系所/碩士(2007年)
若您是本文的作者,可授權文章由華藝線上圖書館中協助推廣。
未授權

摘要

軟體的大小與複雜度日益增加,增加了軟體漏洞的問題,這樣在[1]中所提到的觀點。近年來軟體漏洞成長數目在幾年內成長好幾倍,而最常見的緩衝區溢位問題卻一再被發現,如WebDav、sendmail、samba [1]。 雖然近幾年已有許多人投入緩衝區溢位的研究,也有些偵測的方法與原理問世,如StackGuard、StackShield。但其各有優缺點與其限制。因此本研究是提出一個較為簡易且通用的偵測方法,讓使用者能不依那些現成的工具也能自我檢測找出漏洞。 本論文提出的偵測方法,是對程式所輸入的資料做檢查,當發現軟體程式當掉,隨即找出輸入資料中造成溢位的地方,再追蹤此溢位地方的內容為記憶體,比對其內容是否為系統內部的跳躍碼,來判定是否為溢位攻擊。

關鍵字

緩衝區溢位

並列摘要

At the thesis “On the Development of an Automatic Tool for Detecting Buffer Overflow Vulnerabilities”[1] of NCU by Tseng Yun, it presented that the software size is getting bigger and more complex so that it is getting more software vulnerabilities. Recently the number of the vulnerabilities is few times than before, but the buffer overflow vulnerability is always discovered, such as WebDav, sendmail and samba. Although there are many people contributing to this study recently, and there are some detecting methods and thesis presented. But they have their own disadvantage and limit. At this thesis, we present an easy and common detecting method to make users can detect without other tools by themselves. At this thesis, we presented a detecting method to check the input data of the program. As the program crashed, we could find out the place causing stack overflow in input. Then we traced this content in memory and compared it with jump instruction to check if the stack overflow attack was.

並列關鍵字

buffer overflow stack overflow

參考文獻

[3] Aishwarya Iyer, L.M. Liebrock,〝Vulnerability scanning for buffer overflow〞,Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004. International Conference on Volume 2, 2004 Page(s):116 - 117 Vol.2 Digital Object Identifier 10.1109/ITCC.2004.1286600
[4] Eric Haugh, Matt Bishop, “Testing C Programs for Buffer Overflow Vulnerabilities”, University of California at Davis
[6] “Solar Designer,” Non-executable User Stack, http://www.openwall.com/linux, visited on 2007/5-14
[9] Changwoo Pyo, Byungchul Bae, Taejin Kim, Gyungho Lee,〝Detection of buffer overflow attacks without Explicit Sensor data objects〞,Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004. International Conference on Volume 1, 2004 Page(s):50 - 54 Vol.1 , Digital Object Identifier 10.1109/ITCC.2004.1286425
[11] M. Weber, V Shah,〝A case study in detecting software security vulnerabilities using constraint optimization〞, Ren, C.;Source Code Analysis and Manipulation, 2001. Proceedings. First IEEE International Workshop on 10 Nov. 2001 Page(s):1 - 11 Digital Object Identifier 10.1109/SCAM.2001.972661

延伸閱讀

國際替代計量

緩衝區溢位偵測技術
未授權