Stack buffer overflow attacks are among the most common attacks on computer and network systems. As more and more defensive methods have been proposed, buffer overflow attacks have kept evolving into new forms in order to bypass these protection mechanisms. Without recompiling the user program, and without access to its source code, a protection mechanism that backs up function call parameters for later verification can be injected into the executable to counter such evasion techniques. We propose a new defense architecture that removes the need for manual intervention by experts: the detection mechanism is built as a dynamic link library and loaded into the target program, so that buffer overflow attacks are detected automatically, replacing the tedious earlier procedure of disassembling the program with tools and inserting protection code by hand. Keywords: stack buffer overflow attack, dynamic link library, computer security, software security
Buffer overflow attacks are among the most common attacks and can seriously compromise the security of computer systems. Many of the computer viruses and worms that caused huge damage in the past employed some form of buffer overflow. Among buffer overflow attacks, a stack overflow attack alters the return address of the current function, diverting control from the legitimate program to malicious code. Detection schemes based on canary word insertion have been used to determine whether such an attack occurs during program execution; however, some newer attacks are able to evade them. As a countermeasure, a protection scheme employing a parameter backup technique has been proposed, but applying it requires considerable expert effort, which makes the method impractical. Our goal in this study is to develop an automatic mechanism so that the scheme can be easily employed by the general public. The protection mechanism is implemented as a dynamic link library; given any executable, the mechanism can be automatically plugged into its executable image. With few exceptions, the current prototype protects the majority of function call scenarios. Keywords: Stack Buffer Overflow, Dynamic Link Library, Computer Security, Software Security
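The following C program is an added illustration of the two detection ideas the abstract contrasts; it is not code from the paper or its prototype. It models a stack frame as an explicit struct (a simplification: real frame layout is compiler- and ABI-specific), places a canary word above the local buffer, and takes a side copy of the call argument at function entry (the parameter backup idea). Two constructed corruptions are then applied: a classic contiguous overflow that runs from the buffer up through the saved return address, and a targeted write that lands on the argument slot without touching the canary (a stand-in for the kind of attack that evades canary checks; the specific attack shape is an assumption here, not taken from the paper). The exit-time check reports which detector fired.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative model of one stack frame (assumption: a struct stands in for
 * the real frame so the corruption below is deterministic and well-defined). */
struct frame {
    char      buf[16];    /* vulnerable local buffer                        */
    uint32_t  canary;     /* canary word placed between locals and metadata */
    uintptr_t ret_addr;   /* saved return address                           */
    uintptr_t arg0;       /* first call argument, e.g. a pointer            */
};

/* Side copy of the call arguments taken at function entry. */
struct param_backup {
    uintptr_t arg0;
};

/* Bitmask returned by check_frame(). */
enum { CLEAN = 0, CANARY_HIT = 1, PARAMS_HIT = 2 };

static const uint32_t CANARY_VALUE = 0xA5C3E1F7u;

static void frame_init(struct frame *f, uintptr_t ret, uintptr_t arg0) {
    memset(f->buf, 0, sizeof f->buf);
    f->canary   = CANARY_VALUE;
    f->ret_addr = ret;
    f->arg0     = arg0;
}

/* Entry-time step of the parameter backup scheme: copy the arguments out. */
static void backup_params(const struct frame *f, struct param_backup *b) {
    b->arg0 = f->arg0;
}

/* Exit-time step: compare canary and arguments against their pristine values. */
static int check_frame(const struct frame *f, const struct param_backup *b) {
    int hit = CLEAN;
    if (f->canary != CANARY_VALUE) hit |= CANARY_HIT;
    if (f->arg0 != b->arg0)        hit |= PARAMS_HIT;
    return hit;
}

/* Classic overflow: an unchecked copy writes from buf up through ret_addr.
 * The canary lies in the path of the write, so the canary check fires. */
int classic_overflow(void) {
    struct frame f;
    struct param_backup b;
    frame_init(&f, 0x401000u, 0x7ffd0000u);
    backup_params(&f, &b);

    /* Constructed payload: filler, then bytes landing on canary and ret_addr. */
    size_t len = offsetof(struct frame, ret_addr) + sizeof f.ret_addr;
    unsigned char payload[sizeof f];
    memset(payload, 'A', sizeof payload);
    memcpy(&f, payload, len);            /* no bounds check on the copy */

    return check_frame(&f, &b);          /* expected: CANARY_HIT */
}

/* Targeted write: only the argument slot is overwritten, the canary is not
 * touched, so only the parameter backup comparison detects the change. */
int targeted_arg_overwrite(void) {
    struct frame f;
    struct param_backup b;
    frame_init(&f, 0x401000u, 0x7ffd0000u);
    backup_params(&f, &b);

    uintptr_t evil = 0xdeadbeefu;        /* constructed attacker-chosen value */
    unsigned char *raw = (unsigned char *)&f;
    memcpy(raw + offsetof(struct frame, arg0), &evil, sizeof evil);

    return check_frame(&f, &b);          /* expected: PARAMS_HIT */
}

int main(void) {
    printf("classic overflow      -> detectors fired: %d\n", classic_overflow());
    printf("targeted arg overwrite -> detectors fired: %d\n", targeted_arg_overwrite());
    return 0;
}
```

The point of the second scenario is the one the abstract makes: a canary only guards the bytes an overflow must pass through on its way to the return address, whereas comparing arguments against an entry-time backup catches corruption of the arguments themselves regardless of how the write reached them. In the paper's approach these entry and exit steps are supplied by a dynamic link library loaded into the target rather than compiled into it.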