计算机工程与应用2016,Vol.52Issue(11):101-107,7.DOI:10.3778/j.issn.1002-8331.1407-0160
基于备份控制流信息的缓冲区溢出监测技术
Detection of buffer overflow by duplication of control flow data
摘要
Abstract
Due to the lack of boundary checking mechanism, buffer overflow is one of the most serious attacks against C/C++programs. This paper presents a runtime countermeasure for buffer overflow attack. Through duplicating the control flow information with array which declared in the dynamic link libraries, including the return address and the frame pointer of each function, illegal overwriting can be detected dynamically. This method can both detect direct and indirect attack in the buffer overflow attack. Experiments based on the RIPE testbed and two practical tests as well as theoretical analysis show the effectiveness of this method.关键词
缓冲区溢出/控制流备份/返回地址/帧指针/动态监测/RIPEKey words
buffer overflow/control flow duplication/return address/frame pointer/runtime monitor/RIPE分类
信息技术与安全科学引用本文复制引用
谢汶兵,马晓东,李中升,牛夏牧..基于备份控制流信息的缓冲区溢出监测技术[J].计算机工程与应用,2016,52(11):101-107,7.基金项目
国家863高技术研究发展计划项目(No.2012AA010901) (No.2012AA010901)
国家科技重大专项基金(No.2013ZX01029002) (No.2013ZX01029002)
计算机体系结构国家重点实验室开放课题. ()
