- 學位論文
一種基於編譯器的保護返回位址的方法
Compiler-based approach to protect return address
摘要
堆疊緩衝區溢位攻擊(Stack-based Buffer overflow attack) 一直都是軟體安全頭痛的問題之一,到目前為止還是沒有有效的抑制方法,只能透過編譯器及作業系統的支援促使程式運行狀態宛若處在黑箱之中,藉此使攻擊者無法得到必要的資訊而進一步的利用弱點達到攻擊的效果。 本論文針對返回位址 (return address) 的保護為重點,核心思想為阻止返回位址被惡意的資料所覆蓋,從而避免攻擊者控制指令指標(Instruction Pointer, IP) 來達到更動程式流程的目的。 實驗結果顯示,本論文提出來的保護方法可以確切的保護堆疊中的返回位址不被惡意資料覆蓋,因此也提升了程式本身的安全性。
並列摘要
Stack-based buffer overflow attack has been one of the most tough problem of security vulnerability. There is no effectively solution to eliminated for now. Can only make your program runtime like a black box to avoid attacker exploit vulnerability by gathering necessary information of your program. In this paper we provide a compiler-based solution to prevent Stack-based Buffer overflow attack on the function return address. To prevent override of return address means no control flow hijacked, and the integrity of the program. Experiment shows that the approach we proposed could protect the return address in the stack buffer effectively therefore more secure software.
參考文獻
延伸閱讀
- Kao, C. Y. (2009). 一個基於加強Return Address Stack安全性之改進 [master's thesis, National Tsing Hua University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0016-1111200916112721
- Hong, D. Y. (2013). 高效能的可重定目標動態二進制碼轉譯 [doctoral dissertation, National Tsing Hua University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0016-2511201311302732
- Liu, Y. P. (2017). 在跨指令集架構動態二進制碼轉譯中利用非對稱單指令多資料流暫存器組態 [master's thesis, National Taiwan University]. Airiti Library. https://doi.org/10.6342/NTU201702443
- Tsai, P. H. (2014). 執行於含錯處理器程式之修復編譯器 [master's thesis, National Taiwan University]. Airiti Library. https://doi.org/10.6342/NTU.2014.02725
- Rifki, S., Park, Y., & Moon, S. (2015). A Fully Secure Ciphertext-Policy Attribute-Based Encryption with a Tree-Based Access Structure. Journal of Information Science and Engineering, 31(1), 247-265. https://doi.org/10.6688/JISE.2015.31.1.13